VIRUS F::autrun.inf VBS : Malware-gen.
Résolu
CLAIRE
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Même pb que les autres, je n'arrive pas a me débarraser de ce virus F::autrun.inf VBS : Malware-gen. Je n'arrive pas à m'en débarrasser et dans le forum, je ne comprend pas vraiment ce qu'il faut faire. AVAST m'envoi une alertevirus toute les 10 secondes. J'ai téléchargé Hi jack et copier le rapport mais après?
Merci de votre aide si précieuse.
RAPPORT:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:26:22, on 11/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\Claire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\rndll.exe
C:\documents and settings\claire\local settings\application data\kpbhdpu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gllob.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Claire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Claire\lsass.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [njgmnmhjr] c:\documents and settings\claire\local settings\application data\njgmnmhjr.exe njgmnmhjr
O4 - HKCU\..\Run: [E07FXLRD_238375] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [agycsi] c:\documents and settings\claire\local settings\application data\agycsi.exe agycsi
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [kpbhdpu] "c:\documents and settings\claire\local settings\application data\kpbhdpu.exe" kpbhdpu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{958674C0-7F3C-489C-8BF5-9DD3FC84B2AB}: NameServer = 62.201.129.99 62.201.159.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://www.annegeddes.com/images/ecards/thumbs/ekc419n.jpg
Même pb que les autres, je n'arrive pas a me débarraser de ce virus F::autrun.inf VBS : Malware-gen. Je n'arrive pas à m'en débarrasser et dans le forum, je ne comprend pas vraiment ce qu'il faut faire. AVAST m'envoi une alertevirus toute les 10 secondes. J'ai téléchargé Hi jack et copier le rapport mais après?
Merci de votre aide si précieuse.
RAPPORT:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:26:22, on 11/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\Claire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\rndll.exe
C:\documents and settings\claire\local settings\application data\kpbhdpu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gllob.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Claire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Claire\lsass.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [njgmnmhjr] c:\documents and settings\claire\local settings\application data\njgmnmhjr.exe njgmnmhjr
O4 - HKCU\..\Run: [E07FXLRD_238375] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [agycsi] c:\documents and settings\claire\local settings\application data\agycsi.exe agycsi
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\Run: [kpbhdpu] "c:\documents and settings\claire\local settings\application data\kpbhdpu.exe" kpbhdpu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{958674C0-7F3C-489C-8BF5-9DD3FC84B2AB}: NameServer = 62.201.129.99 62.201.159.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - http://www.annegeddes.com/images/ecards/thumbs/ekc419n.jpg
A voir également:
- VIRUS F::autrun.inf VBS : Malware-gen.
- Virus mcafee - Accueil - Piratage
- Sfc /scannow /f /r - Guide
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
152 réponses
oublies cette mention
tu cliques sur le H bleu
tu copies colles les lignes en gras
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
tu cliques sur le H bleu
tu copies colles les lignes en gras
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
j'ai copié et coller les lignes mais il me dit message erreur: INDICES DE LISTE HORS LIMITE. C'est ca gene à mon avis
ZHPFix v1.12.26 by Nicolas Coolman - Rapport de suppression du 15/01/2010 19:12:52
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-19-12-52.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-19-12-52.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
relances zhp pour verifier comme au post 78
https://forums.commentcamarche.net/forum/affich-16109377-virus-f-autrun-inf-vbs-malware-gen?page=4#78
https://forums.commentcamarche.net/forum/affich-16109377-virus-f-autrun-inf-vbs-malware-gen?page=4#78
ZHPFix v1.12.26 by Nicolas Coolman - Rapport de suppression du 15/01/2010 19:37:16
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-19-37-16.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Fichier :
(Néant)
Logiciel :
O42 - Logiciel: SoftwareUpdate 1.0
=> Logiciel absent
Script Registre :
(Néant)
Autre :
(Néant)
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 1
Autre : 0
End of the scan
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-19-37-16.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Fichier :
(Néant)
Logiciel :
O42 - Logiciel: SoftwareUpdate 1.0
=> Logiciel absent
Script Registre :
(Néant)
Autre :
(Néant)
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 1
Autre : 0
End of the scan
Quand je vais voir sur le lien http://www.premiumorange.com/zeb-help-process/zhpfix.html, je n'ai pas le tous qui apparait avant de nettoyer. C'est bizarre
non...
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Créer le lien cjoint " et copie/colle le dans ton prochain message
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Créer le lien cjoint " et copie/colle le dans ton prochain message
il me faut voir si les suppressions ont été réalisées d'où le zhp que je te demande
d'ailleur comment va le pc ?
d'ailleur comment va le pc ?
Le PC va bien, du moins il va mieux ! Seulement je ne sais toujours pas pourquoi il ne voulait pas prendre AD-REMOVER. Pour les rapports que je post, je n'y connais rien, c'est du charabia pour moi et me repose donc sur vous pour me dire si tout va bien et si tout à l'air normal. Merci encore pour votre aide.
qu'il aille mieux c'est bien, mais ce n'est pas assez
reste des choses à supprimer
on retentes le coup
Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ".
ZHPFix se lancera, clique maintenant sur le " H " bleu
tu selectionnes les lignes en gras ci dessous en cliquant sans lacher le clic
ensuite tu clic droit dessus...copier
et dans la fenêtre zhpfix clic droit..coller
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
O64 - Services: CurCS - vspf (vspf) - LEGACY_VSPF
O64 - Services: CurCS - vspf_hk (vspf_hk) - LEGACY_VSPF_HK
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
O41 - Driver: vspf (vspf) - C:\WINDOWS\system32\drivers\vspf5.sys
O41 - Driver: vspf_hk (vspf_hk) - C:\WINDOWS\system32\drivers\vspf_hk5.sys
O42 - Logiciel: SoftwareUpdate 1.0
O43 - CFD:Common File Directory ----D- C:\Program Files\IdolSupport
O43 - CFD:Common File Directory ----D- C:\Program Files\EoRezo
O44 - LFC:[MD5.8185A912982D7702831228608671CDCB] - 13/01/2010 - 22:24:20 ---A- C:\Log.txt
O47 - AAKE:Key Export SP - "C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe"="C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe:*:Enabled:Firevall Administrating"
O44 - LFC:[MD5.C2164BACA91ED5E20B2E6D9C91CC13F6] - 14/01/2010 - 20:27:46 ---A- C:\Ad-Report-SCAN[1].log
O44 - LFC:[MD5.E19A193539BCDB9B29597262D305CC0C] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:[MD5.5B448877CE48ACF357090F3E20F2C36F] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:[MD5.D5AF3D9B1E13F998AF1A3D1950B0F075] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:[MD5.D9A14F1C6BB8CB8C80C53D18D50DD7BF] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfh00C.dat
O44 - LFC:[MD5.6A6439778A65ACF9CDCFC1B09CA434E7] - 11/01/2010 - 23:56:46 ---A- C:\Ad-Report-CLEAN[3].log
O44 - LFC:[MD5.489B25D80638E725A87A7470C2EE21D6] - 11/01/2010 - 23:34:48 ---A- C:\Ad-Report-CLEAN[2].log
O44 - LFC:[MD5.710060F83D87B0333F8410A589060D9E] - 11/01/2010 - 22:45:22 ---A- C:\Ad-Report-CLEAN[1].log
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
reste des choses à supprimer
on retentes le coup
Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ".
ZHPFix se lancera, clique maintenant sur le " H " bleu
tu selectionnes les lignes en gras ci dessous en cliquant sans lacher le clic
ensuite tu clic droit dessus...copier
et dans la fenêtre zhpfix clic droit..coller
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
O64 - Services: CurCS - vspf (vspf) - LEGACY_VSPF
O64 - Services: CurCS - vspf_hk (vspf_hk) - LEGACY_VSPF_HK
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
O41 - Driver: vspf (vspf) - C:\WINDOWS\system32\drivers\vspf5.sys
O41 - Driver: vspf_hk (vspf_hk) - C:\WINDOWS\system32\drivers\vspf_hk5.sys
O42 - Logiciel: SoftwareUpdate 1.0
O43 - CFD:Common File Directory ----D- C:\Program Files\IdolSupport
O43 - CFD:Common File Directory ----D- C:\Program Files\EoRezo
O44 - LFC:[MD5.8185A912982D7702831228608671CDCB] - 13/01/2010 - 22:24:20 ---A- C:\Log.txt
O47 - AAKE:Key Export SP - "C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe"="C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe:*:Enabled:Firevall Administrating"
O44 - LFC:[MD5.C2164BACA91ED5E20B2E6D9C91CC13F6] - 14/01/2010 - 20:27:46 ---A- C:\Ad-Report-SCAN[1].log
O44 - LFC:[MD5.E19A193539BCDB9B29597262D305CC0C] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:[MD5.5B448877CE48ACF357090F3E20F2C36F] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:[MD5.D5AF3D9B1E13F998AF1A3D1950B0F075] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:[MD5.D9A14F1C6BB8CB8C80C53D18D50DD7BF] - 13/01/2010 - 22:12:36 ---A- C:\WINDOWS\System32\perfh00C.dat
O44 - LFC:[MD5.6A6439778A65ACF9CDCFC1B09CA434E7] - 11/01/2010 - 23:56:46 ---A- C:\Ad-Report-CLEAN[3].log
O44 - LFC:[MD5.489B25D80638E725A87A7470C2EE21D6] - 11/01/2010 - 23:34:48 ---A- C:\Ad-Report-CLEAN[2].log
O44 - LFC:[MD5.710060F83D87B0333F8410A589060D9E] - 11/01/2010 - 22:45:22 ---A- C:\Ad-Report-CLEAN[1].log
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".
Copie/Colle le rapport à l'écran dans ton prochain message
ZHPFix v1.12.26 by Nicolas Coolman - Rapport de suppression du 15/01/2010 20:59:17
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-20-59-17.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Fichier :
(Néant)
Logiciel :
O42 - Logiciel: SoftwareUpdate 1.0
=> Logiciel absent
Script Registre :
(Néant)
Autre :
(Néant)
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 1
Autre : 0
End of the scan
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-20-59-17.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
O64 - Services: CurCS - FOPN (FOPN) - LEGACY_FOPN
=> Clé absente
Valeur du Registre :
(Néant)
Elément de données du Registre :
(Néant)
Dossier :
(Néant)
Fichier :
(Néant)
Logiciel :
O42 - Logiciel: SoftwareUpdate 1.0
=> Logiciel absent
Script Registre :
(Néant)
Autre :
(Néant)
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 1
Autre : 0
End of the scan
J'ai respecté une fois de plus la procédure. SCAN - Logo vert - H - Copier les lignes en gras du post - coller dans la fenetre - clik sur OK - (La il me dit indice de liste hors limite (3) ) je fais OK - je selectionne les deux logiciels inscrits dedans - et nettoyer. Ca me donne le resultat ci-dessus .
bonsoir , je viens apporter mon soutien , on va tenter une version de list_Kill'em avec une autre extension (extension .scr , mise en service pour l occasion):
s'il fonctionne , tapes "F" puis entrée , et "1" puis entrée
poste le rapport qui apparaitra à l'ecran "COMPLETED"
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.scr
s'il fonctionne , tapes "F" puis entrée , et "1" puis entrée
poste le rapport qui apparaitra à l'ecran "COMPLETED"
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.scr
Ci-joint le rapport "List_Killem" demandé :
List'em by g3n-h@ckm@n 1.1.8.3
Thx to El Desaparecido.....& CCM team
User : Claire (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:16:23 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) M processor 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ Enabled | Updated ]
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 35,61 Go (2,26 Go free) [ACER] | FAT32
D:\ -> Disque fixe local | 35,99 Go (32,05 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM | 23,64 Mo (0 Mo free) [Mobile Partner] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Claire\Bureau\List_Killem.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Claire\Local Settings\Temp\2D.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
second load REG_SZ C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
E07FXLRD_238375 REG_SZ "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
PMCLoader REG_SZ C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
EoEngine REG_SZ
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSSE REG_SZ "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
NoDriveAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
F:\bittorrent.exe REG_SZ F:\bittorrent.exe:*:Disabled:bittorrent
C:\Program Files\Pando Networks\Pando\pando.exe REG_SZ C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando
C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe REG_SZ C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe:*:Enabled:Firevall Administrating
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe REG_SZ C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
C:\Program Files\Microsoft Office\Office12\groove.exe REG_SZ C:\Program Files\Microsoft Office\Office12\groove.exe:*:Disabled:Microsoft Office Groove
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Messenger\MSMSGS.EXE REG_SZ C:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger
C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
C:\Program Files\Yahoo!\Messenger\YPager.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?hl=fr&gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
G:\Autorun.inf :
----------------
[AutoRun]
open=AutoRun.exe
icon=Startup.ico
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
35,61 Go total, 2,26 Go libre (6%), 34% fragment‚ (fragmentation du fichier 52%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\file joy proc deaf
C:\Program Files\EoRezo
C:\Program Files\Internet Explorer\fxavx.ini
C:\WINDOWS\_delis32.ini
C:\WINDOWS\Fonts\GRGAREF.TTF
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\rnaph.dll
C:\WINDOWS\System32\stera.log
C:\Documents and Settings\Claire\Application Data\ItsLabel
C:\Documents and Settings\Claire\Local Settings\Application Data\vjospywuv.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Eoengine"
"HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
HKCU\SOFTWARE\EoRezo
HKCU\software\Iminent
HKCU\SOFTWARE\ItsLabel
HKCU\software\Live-Player
HKLM\SOFTWARE\Classes\HbtHostIE.Bho
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
HKLM\SOFTWARE\ItsLabel
HKLM\software\Iminent
HKLM\software\Live-Player
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\SOFTWARE\ShopperReports
HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\ControlSet001\Services\vspf
HKLM\SYSTEM\ControlSet001\Services\vspf_hk
HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\ControlSet002\Services\vspf
HKLM\SYSTEM\ControlSet002\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 21:23:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Fichiers communs
Windows NT
MSN
MSN Gaming Zone
Messenger
Windows Media Player
Online Services
ComPlus Applications
Internet Explorer
Outlook Express
NetMeeting
Movie Maker
Services en ligne
WindowsUpdate
microsoft frontpage
xerox
Uninstall Information
InstallShield Installation Information
Intel
Synaptics
CONEXANT
Alwil Software
NewTech Infosystems
Adobe
CyberLink
Acer Inc
IdolSupport
Reference Assemblies
acer
Microsoft Works
Microsoft Office
trend micro
Windows Live
VALUEADD
WinRAR
Executive Software
PROMT5
Microsoft.NET
Microsoft Visual Studio
MSBuild
Microsoft CAPICOM 2.1.0.2
MSXML 4.0
Microsoft
Logitech
MessengerPlus! 3
Internet 3G+ Bouygues Telecom
Windows Live SkyDrive
VideoLAN
Micro Application
HardwareDetection
Nero
NoLimits Demo v1.262
DivX
Malwarebytes' Anti-Malware
Hercules
Maxis
ZHPDiag
TrendMicro
Microsoft Security Essentials
Sun
CCleaner
MSXML 6.0
EoRezo
Google
Yahoo!
LudoSoft
Broderbund
HP
Hewlett-Packard
EPSON
============
Lecteur C:
============
I386
DOCS
DOTNETFX
SUPPORT
pagefile.sys
users
ELEMENTS
BOOTSECT.DOS
WINDOWS
Bootfont.bin
ntldr
NTDETECT.COM
boot.ini
Documents and Settings
Program Files
autorun.inf
PRELOAD.AAA
System Volume Information
BOOK
Sysinfo
wps.dat
bcmwl5.log
Capture
Recycled
PRELOAD.REV
PATCH.REV
FOUND.000
Ad-Remover
Ad-Report-CLEAN[4].log
FOUND.001
FOUND.002
Kill'em
hiberfil.sys
List'em.txt
Log.txt
FOUND.003
FOUND.004
Ad-Report-SCAN[1].log
TCleaner.txt
Ad-Report-CLEAN[1].log
Ad-Report-CLEAN[2].log
Ad-Report-CLEAN[3].log
eJay
persist.dbs
DVD Shrink
MSDOS.SYS
IO.SYS
CH_ROCKS
S_BATTLE
PDOXUSRS.NET
YServer.txt
MSOCache
report
EPSON
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\All Users\Application Data\Micro Application\MovieCreator\6.0\Serial.txt
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
List'em by g3n-h@ckm@n 1.1.8.3
Thx to El Desaparecido.....& CCM team
User : Claire (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:16:23 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) M processor 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ Enabled | Updated ]
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 35,61 Go (2,26 Go free) [ACER] | FAT32
D:\ -> Disque fixe local | 35,99 Go (32,05 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM | 23,64 Mo (0 Mo free) [Mobile Partner] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Claire\Bureau\List_Killem.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Claire\Local Settings\Temp\2D.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
second load REG_SZ C:\DOCUME~1\Claire\APPLIC~1\IDOLSU~1\DrvWay.exe
E07FXLRD_238375 REG_SZ "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
PMCLoader REG_SZ C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
EoEngine REG_SZ
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSSE REG_SZ "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
NoDriveAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
F:\bittorrent.exe REG_SZ F:\bittorrent.exe:*:Disabled:bittorrent
C:\Program Files\Pando Networks\Pando\pando.exe REG_SZ C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando
C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe REG_SZ C:\DOCUME~1\Claire\LOCALS~1\Temp\IXP000.TMP\ngf.exe:*:Enabled:Firevall Administrating
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe REG_SZ C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
C:\Program Files\Microsoft Office\Office12\groove.exe REG_SZ C:\Program Files\Microsoft Office\Office12\groove.exe:*:Disabled:Microsoft Office Groove
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Messenger\MSMSGS.EXE REG_SZ C:\Program Files\Messenger\MSMSGS.EXE:*:Disabled:Windows Messenger
C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
C:\Program Files\Yahoo!\Messenger\YPager.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?hl=fr&gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
G:\Autorun.inf :
----------------
[AutoRun]
open=AutoRun.exe
icon=Startup.ico
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
35,61 Go total, 2,26 Go libre (6%), 34% fragment‚ (fragmentation du fichier 52%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\file joy proc deaf
C:\Program Files\EoRezo
C:\Program Files\Internet Explorer\fxavx.ini
C:\WINDOWS\_delis32.ini
C:\WINDOWS\Fonts\GRGAREF.TTF
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\rnaph.dll
C:\WINDOWS\System32\stera.log
C:\Documents and Settings\Claire\Application Data\ItsLabel
C:\Documents and Settings\Claire\Local Settings\Application Data\vjospywuv.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Eoengine"
"HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
HKCU\SOFTWARE\EoRezo
HKCU\software\Iminent
HKCU\SOFTWARE\ItsLabel
HKCU\software\Live-Player
HKLM\SOFTWARE\Classes\HbtHostIE.Bho
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
HKLM\SOFTWARE\ItsLabel
HKLM\software\Iminent
HKLM\software\Live-Player
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\SOFTWARE\ShopperReports
HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\ControlSet001\Services\vspf
HKLM\SYSTEM\ControlSet001\Services\vspf_hk
HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\ControlSet002\Services\vspf
HKLM\SYSTEM\ControlSet002\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 21:23:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Fichiers communs
Windows NT
MSN
MSN Gaming Zone
Messenger
Windows Media Player
Online Services
ComPlus Applications
Internet Explorer
Outlook Express
NetMeeting
Movie Maker
Services en ligne
WindowsUpdate
microsoft frontpage
xerox
Uninstall Information
InstallShield Installation Information
Intel
Synaptics
CONEXANT
Alwil Software
NewTech Infosystems
Adobe
CyberLink
Acer Inc
IdolSupport
Reference Assemblies
acer
Microsoft Works
Microsoft Office
trend micro
Windows Live
VALUEADD
WinRAR
Executive Software
PROMT5
Microsoft.NET
Microsoft Visual Studio
MSBuild
Microsoft CAPICOM 2.1.0.2
MSXML 4.0
Microsoft
Logitech
MessengerPlus! 3
Internet 3G+ Bouygues Telecom
Windows Live SkyDrive
VideoLAN
Micro Application
HardwareDetection
Nero
NoLimits Demo v1.262
DivX
Malwarebytes' Anti-Malware
Hercules
Maxis
ZHPDiag
TrendMicro
Microsoft Security Essentials
Sun
CCleaner
MSXML 6.0
EoRezo
Yahoo!
LudoSoft
Broderbund
HP
Hewlett-Packard
EPSON
============
Lecteur C:
============
I386
DOCS
DOTNETFX
SUPPORT
pagefile.sys
users
ELEMENTS
BOOTSECT.DOS
WINDOWS
Bootfont.bin
ntldr
NTDETECT.COM
boot.ini
Documents and Settings
Program Files
autorun.inf
PRELOAD.AAA
System Volume Information
BOOK
Sysinfo
wps.dat
bcmwl5.log
Capture
Recycled
PRELOAD.REV
PATCH.REV
FOUND.000
Ad-Remover
Ad-Report-CLEAN[4].log
FOUND.001
FOUND.002
Kill'em
hiberfil.sys
List'em.txt
Log.txt
FOUND.003
FOUND.004
Ad-Report-SCAN[1].log
TCleaner.txt
Ad-Report-CLEAN[1].log
Ad-Report-CLEAN[2].log
Ad-Report-CLEAN[3].log
eJay
persist.dbs
DVD Shrink
MSDOS.SYS
IO.SYS
CH_ROCKS
S_BATTLE
PDOXUSRS.NET
YServer.txt
MSOCache
report
EPSON
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Documents and Settings\All Users\Application Data\Micro Application\MovieCreator\6.0\Serial.txt
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Kill'em by g3n-h@ckm@n 1.1.8.3
User : Claire (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:28:40 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) M processor 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ Enabled | Updated ]
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 35,61 Go (2,26 Go free) [ACER] | FAT32
D:\ -> Disque fixe local | 35,99 Go (32,05 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM | 23,64 Mo (0 Mo free) [Mobile Partner] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Claire\Bureau\List_Killem.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Claire\Local Settings\Temp\2F.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quaranteend & Deleted !! : C:\Documents and Settings\All Users\Application Data\file joy proc deaf
Quaranteend & Deleted !! : C:\Program Files\EoRezo
Quaranteend & Deleted !! : C:\Program Files\Internet Explorer\fxavx.ini
Quaranteend & Deleted !! : C:\WINDOWS\_delis32.ini
Quaranteend & Deleted !! : C:\WINDOWS\Fonts\GRGAREF.TTF
Quaranteend & Deleted !! : C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Quaranteend & Deleted !! : C:\WINDOWS\iun6002.exe
Quaranteend & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quaranteend & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quaranteend & Deleted !! : C:\WINDOWS\system32\rnaph.dll
Quaranteend & Deleted !! : C:\WINDOWS\System32\stera.log
Quaranteend & Deleted !! : C:\Documents and Settings\Claire\Application Data\ItsLabel
Quaranteend & Deleted !! : C:\Documents and Settings\Claire\Local Settings\Application Data\vjospywuv.exe
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKCU\software\Iminent
Deleted : HKCU\SOFTWARE\ItsLabel
Deleted : HKCU\software\Live-Player
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
Deleted : HKLM\SOFTWARE\ItsLabel
Deleted : HKLM\software\Iminent
Deleted : HKLM\software\Live-Player
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Deleted : HKLM\SOFTWARE\ShopperReports
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf_hk
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_FOPN
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf_hk
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
User : Claire (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:28:40 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Celeron(R) M processor 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ Enabled | Updated ]
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 35,61 Go (2,26 Go free) [ACER] | FAT32
D:\ -> Disque fixe local | 35,99 Go (32,05 Go free) [ACERDATA] | FAT32
E:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM | 23,64 Mo (0 Mo free) [Mobile Partner] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet 3G+ Bouygues Telecom\Internet 3G+ Bouygues Telecom.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Claire\Bureau\List_Killem.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Claire\Local Settings\Temp\2F.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quaranteend & Deleted !! : C:\Documents and Settings\All Users\Application Data\file joy proc deaf
Quaranteend & Deleted !! : C:\Program Files\EoRezo
Quaranteend & Deleted !! : C:\Program Files\Internet Explorer\fxavx.ini
Quaranteend & Deleted !! : C:\WINDOWS\_delis32.ini
Quaranteend & Deleted !! : C:\WINDOWS\Fonts\GRGAREF.TTF
Quaranteend & Deleted !! : C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Quaranteend & Deleted !! : C:\WINDOWS\iun6002.exe
Quaranteend & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quaranteend & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quaranteend & Deleted !! : C:\WINDOWS\system32\rnaph.dll
Quaranteend & Deleted !! : C:\WINDOWS\System32\stera.log
Quaranteend & Deleted !! : C:\Documents and Settings\Claire\Application Data\ItsLabel
Quaranteend & Deleted !! : C:\Documents and Settings\Claire\Local Settings\Application Data\vjospywuv.exe
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKCU\software\Iminent
Deleted : HKCU\SOFTWARE\ItsLabel
Deleted : HKCU\software\Live-Player
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
Deleted : HKLM\SOFTWARE\ItsLabel
Deleted : HKLM\software\Iminent
Deleted : HKLM\software\Live-Player
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Deleted : HKLM\SOFTWARE\ShopperReports
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf_hk
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_FOPN
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf_hk
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
