Virus systeme 32 et compte rendu hijack

elo1234 Messages postés 12 Statut Membre -  
 gen-hackman -
Bonjour, et d'avance désolée,
1virus s'est installé et j'ai suivi les recommandations du forum jusqu'à ce que j'obtienne les résultats du scan de hijack que voici...
quelqu'un peut m'aider. Une fenêtre s'ouvre sans discontinuer "antivirus plus", nouveau programme... Merci de votre aide
ogfile of HijackThis v1.99.1
Scan saved at 20:08:42, on 15/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\elo\local settings\application data\bvcgkg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\elo\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=wibeez&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 78.159.125.65 www.google.no
O1 - Hosts: 78.159.125.65 www.google.nl
O1 - Hosts: 78.159.125.65 www.google.com
O1 - Hosts: 78.159.125.65 www.google.se
O1 - Hosts: 78.159.125.65 uk.search.yahoo.com
O1 - Hosts: 78.159.125.65 www.google.pt
O1 - Hosts: 78.159.125.65 www.google.es
O1 - Hosts: 78.159.125.65 www.google.ca
O1 - Hosts: 78.159.125.65 www.google.be
O1 - Hosts: 78.159.125.65 www.google.fi
O1 - Hosts: 78.159.125.65 www.google.com.br
O1 - Hosts: 78.159.125.65 www.google.co.uk
O1 - Hosts: 78.159.125.65 www.google.dk
O1 - Hosts: 78.159.125.65 www.google.co.jp
O1 - Hosts: 78.159.125.65 www.google.fr
O1 - Hosts: 78.159.125.65 www.google.co.za
O1 - Hosts: 78.159.125.65 www.google.de
O1 - Hosts: 78.159.125.65 www.google.ch
O1 - Hosts: 78.159.125.65 www.google.at
O1 - Hosts: 78.159.125.65 www.google.it
O1 - Hosts: 78.159.125.65 search.yahoo.com
O1 - Hosts: 78.159.125.65 www.google.ie
O1 - Hosts: 78.159.125.65 us.search.yahoo.com
O1 - Hosts: 78.159.125.65 www.google.gr
O1 - Hosts: 78.159.125.65 www.google.com.mx
O1 - Hosts: 78.159.125.65 www.google.com.au
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gwprimawega - {fbbf2b81-7224-b995-56cc-d6bb54501a22} - C:\WINDOWS\system32\p6ri5q-Mj2SB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\elo\LOCALS~1\Temp\injh8.exe
O4 - HKCU\..\Run: [bvcgkg] "c:\documents and settings\elo\local settings\application data\bvcgkg.exe" bvcgkg
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Programme de démarrage du Mode automatique Click to DVD.lnk = C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
O4 - Global Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
Configuration: Windows XP
Firefox 3.5.7

51 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un doute d'infection par 1virus est relevé, avec un rapport HijackThis détaillant des redirections de recherche, des pages de démarrage modifiées et des services/processus suspects sur Windows XP. Des solutions proposées incluent la réanalyse avec OTL, ATFcleaner et CCleaner, puis des nettoyages et mises à jour des antivirus, afin d'identifier et mettre en quarantaine les éléments détectés. D'autres évoquent l'usage de Combofix sous supervision et des outils comme OAD pour cibler des fichiers suspects tels que OLD2F.tmp ou des drivers menacants, tout en rappelant des précautions de sécurité. En cas de doute, la communauté insiste sur la patience et la vérification croisée des rapports entre outils, afin de confirmer l'efficacité des nettoyages et d'éviter les faux positifs.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    salut :

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    ▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau

    ▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.

    0
  2. elo1234 Messages postés 12 Statut Membre
     
    merci de me répondre, c"est cool....
    à prioiri, mon pare feu était déjà désactivé... quant à mon anti-virus, c'est ok. J'ai lancé le prgm. et voilà le compte rendu
    List'em by g3n-h@ckm@n 1.1.8.3

    Thx to El Desaparecido.....& CCM team

    User : elo (Administrateurs)
    Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
    Start at: 20:47:41 | 15/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Genuine Intel(R) CPU T2300 @ 1.66GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
    FW : Norton Internet Worm Protection[ (!) Disabled ]2006

    C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
    D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
    E:\ -> Disque amovible
    F:\ -> Disque CD-ROM
    G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
    H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winsudate\gibusr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\documents and settings\elo\local settings\application data\bvcgkg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Winsudate\gibsvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\spider.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\elo\Local Settings\Temp\57.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    MsnMsgr REG_SZ "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
    VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    WinUsr REG_SZ C:\Program Files\Winsudate\gibusr.exe
    PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    ygua8e7yhuiesfha876yfauy8fe REG_SZ C:\DOCUME~1\elo\LOCALS~1\Temp\injh8.exe
    bvcgkg REG_SZ "c:\documents and settings\elo\local settings\application data\bvcgkg.exe" bvcgkg
    AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
    ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
    Mouse Suite 98 Daemon REG_SZ ICO.EXE
    VAIOCameraUtility REG_SZ "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    SonyPowerCfg REG_SZ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    ISBMgr.exe REG_SZ C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    Switcher.exe REG_SZ C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    VAIO Update 2 REG_SZ "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    PDService.exe REG_SZ C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    Acrobat Assistant 7.0 REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    <NO NAME> REG_SZ
    SsAAD.exe REG_SZ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    SetDefPrt REG_SZ C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    ControlCenter2.0 REG_SZ C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe REG_SZ C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server
    C:\eMULE\emule.exe REG_SZ C:\eMULE\emule.exe:*:Enabled:eMule
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe REG_SZ C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
    C:\Program Files\Pando Networks\Pando\pando.exe REG_SZ C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
    C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{31435657-9980-0010-8000-00AA00389B71}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.hugedomains.com/domain_profile.cfm?d=wibeez&e=com

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========

    H:\Autorun.inf :
    ----------------
    [autorun]
    open=WDSetup.exe
    ICON=AUTORUN\WDLOGO.ICO

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    37,26 Go total, 1,11 Go libre (2%), 34% fragment‚ (fragmentation du fichier 62%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    C:\Program Files\Winsudate
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\kb913800.exe
    C:\WINDOWS\System32\twain_32
    C:\Documents and Settings\elo\Application Data\wklnhst.dat
    C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
    C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
    C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
    C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winusr"
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ygua8e7yhuiesfha876yfauy8fe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    HKCU\SOFTWARE\fcn
    HKCU\SOFTWARE\OOO
    HKLM\SYSTEM\ControlSet001\Services\winsvc
    HKLM\SYSTEM\ControlSet003\Services\winsvc
    HKLM\SYSTEM\CurrentControlSet\Services\winsvc

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-15 21:07:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00001507

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Adobe
    Alwil Software
    AndreaMosaic
    Apoint
    Apple Software Update
    Bonjour
    Brother
    Canon
    Codecs DivX
    Common Files
    ComPlus Applications
    CONEXANT
    DIFX
    DivX
    Fichiers communs
    Google
    Google AFE
    InstallShield Installation Information
    Intel
    Internet Explorer
    InterVideo
    iPod
    ISP
    iTunes
    Java
    K-Lite Codec Pack
    List_Kill'em
    Messenger
    Microsoft CAPICOM 2.1.0.2
    microsoft frontpage
    Microsoft Office
    Microsoft SQL Server
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSN
    MSN Gaming Zone
    MSXML 4.0
    NetMeeting
    Neuf
    Nokia
    Outlook Express
    PC Connectivity Solution
    Picasa2
    QuickTime
    Raccourcis de programmes
    Roxio
    Safari
    ScanSoft
    Services en ligne
    SigmaTel
    Skype
    Sony
    Sun
    Uninstall Information
    Unity
    Utimaco
    VideoLAN
    Windows Live
    Windows Live Toolbar
    Windows Media Player
    Windows NT
    Windows Plus
    WindowsUpdate
    Winsudate
    xerox

    ============
    Lecteur C:
    ============

    AUTOEXEC.BAT
    boot.ini
    Bootfont.bin
    Config.Msi
    CONFIG.SYS
    Documentation
    Documents and Settings
    Drivers
    eMULE
    hiberfil.sys
    HSF
    IO.SYS
    itunes
    Kill'em
    List'em.txt
    MSDOS.SYS
    MSOCache
    NTDETECT.COM
    ntldr
    pagefile.sys
    Program Files
    RECYCLER
    SSV
    System Volume Information
    tvneuf
    Update
    WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Program Files\Adobe\Photoshop Elements 4.0\Previews\filters\texture\Patchwork.atn
    C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.anim
    C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.ini
    C:\Program Files\Microsoft Works\Setup\Install.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  3. gen-hackman
     
    bien :

    ▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta reponse
    0
  4. elo1234 Messages postés 12 Statut Membre
     
    voila le deuxième compte rendu
    Kill'em by g3n-h@ckm@n 1.1.8.3

    User : elo (Administrateurs)
    Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
    Start at: 21:40:09 | 15/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Genuine Intel(R) CPU T2300 @ 1.66GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
    FW : Norton Internet Worm Protection[ (!) Disabled ]2006

    C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
    D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
    E:\ -> Disque amovible
    F:\ -> Disque CD-ROM
    G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
    H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winsudate\gibusr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\documents and settings\elo\local settings\application data\bvcgkg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Winsudate\gibsvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\spider.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\elo\Local Settings\Temp\59.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quaranteend & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Quaranteend & Deleted !! : C:\Program Files\Winsudate
    Quaranteend & Deleted !! : C:\WINDOWS\iun6002.exe
    Quaranteend & Deleted !! : C:\WINDOWS\kb913800.exe

    Quaranteend & Deleted !! : C:\WINDOWS\System32\twain_32
    Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
    Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
    Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
    Deleted : HKCU\SOFTWARE\fcn
    Deleted : HKCU\SOFTWARE\OOO
    Deleted : HKLM\SYSTEM\ControlSet001\Services\winsvc
    Deleted : HKLM\SYSTEM\ControlSet003\Services\winsvc

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant scan all users

    ▶ règle-le sur "60 Days"

    ▶ dans la colonne de gauche , mets tout sur all

    ne modifie pas ceci :

    "files created whithin" et "files modified whithin"


    ▶Clic sur Run Scan.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶▶ Tu feras la meme chose avec le "Extra.txt".
    0
  7. elo1234 Messages postés 12 Statut Membre
     
    les 2rapports
    http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
    http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
    0
  8. gen-hackman
     
    C'est un adware installé par les programmes suivants:

    * Funky Emoticons
    * Games Attack
    * go-astro
    * GoRecord
    * HotTVPlayer / HotTVPlayer & Paris Hilton
    * Live-Player
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * Official Emule (Version d'Emule modifiée)
    * Original Solitaire
    * SuperSexPlayer
    * Speed Downloading
    * Sudoplanet
    * Webmediaplayer
    * Sur le site www.games-desktop.com (n'allez pas dessus!!)

    (N'aie plus aucun contact avec eux)

    Lien utile: http://www.malekal.com/Adware.Magic_Control.php

    Télécharge Navilog1 depuis-ce lien

    ▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    ▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.

    Une fois l'installation terminée, le fix s'exécutera automatiquement.

    ▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***

    >>>>> Le fix peut durer une dizaine de minutes ;)

    ▶ Appuie sur une touche le bloc note va s'ouvrir.

    ▶ Copie-colle le rapport ici.

    0
  9. elo1234 Messages postés 12 Statut Membre
     
    rapport navilog
    Fix Navipromo version 4.0.6 commencé le 15/01/2010 22:30:34,61

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
    BIOS : Phoenix NoteBIOS 4.0 Release 6.1
    USER : elo ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 (Not Activated)
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)

    C:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
    D:\ (Local Disk) - NTFS - Total:30 Go (Free:24 Go)
    E:\ (USB)
    F:\ (CD or DVD)
    G:\ (USB) - FAT - Total:243 Mo (Free:0 Go)
    H:\ (Local Disk) - FAT32 - Total:298 Go (Free:109 Go)

    Recherche executée en mode normal

    Nettoyage exécuté au redémarrage de l'ordinateur

    c:\docume~1\elo\locals~1\applic~1\bvcgkg.dat supprimé !
    c:\docume~1\elo\locals~1\applic~1\bvcgkg_navps.dat supprimé !

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\elo\locals~1\Temp effectué !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Scan terminé 15/01/2010 22:37:46,67 ***
    0
  10. elo1234 Messages postés 12 Statut Membre
     
    voici le lien après OTL 2
    http://www.cijoint.fr/cjlink.php?file=cj201001/cijO4bH9Cx.txt
    0
  11. gen-hackman
     
    ▶ Double clic sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :


    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    O2 - BHO: (Antivirus Plus BHO) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll ()
    O2 - BHO: (gwprimawega) - {fbbf2b81-7224-b995-56cc-d6bb54501a22} - C:\WINDOWS\system32\p6ri5q-Mj2SB.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AntiVirus Plus] File not found
    O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [AntiVirus Plus] File not found
    O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [MsnMsgr] C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O33 - MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\Shell\AutoRun\command - "" = G:\ClickMe.exe -- File not found

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ControlCenter2.0"=-
    "iTunesHelper"=-
    "QuickTime Task"=-
    "SetDefPrt"=-

    :files
    C:\Documents and Settings\elo\Application Data\AntiVirus Plus
    C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe
    C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk
    C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
    C:\WINDOWS\System32\p6ri5q-Mj2SB.dll
    C:\Documents and Settings\All Users\Application Data\15820784
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    C:\Documents and Settings\elo\Application Data\AntiVirus Plus

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Clique sur RunFix pour lancer la suppression.

    ▶ Poste le rapport.
    0
  12. elo1234 Messages postés 12 Statut Membre
     
    LE RAPPORT
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    No active process named firefox.exe was found!
    No active process named msnmsgr.exe was found!
    No active process named Teatimer.exe was found!
    ========== OTL ==========
    Prefs.js: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
    C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
    C:\WINDOWS\system32\p6ri5q-Mj2SB.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
    C:\WINDOWS\system32\rundll32.exe moved successfully.
    C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
    File C:\WINDOWS\system32\rundll32.exe not found.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef65724-236b-11de-b2a3-0013a9095005}\ not found.
    File G:\ClickMe.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter2.0 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefPrt deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\elo\Application Data\AntiVirus Plus folder moved successfully.
    C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe moved successfully.
    C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk moved successfully.
    File\Folder C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
    File\Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
    File\Folder C:\WINDOWS\System32\p6ri5q-Mj2SB.dll not found.
    C:\Documents and Settings\All Users\Application Data\15820784 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
    File\Folder C:\Documents and Settings\elo\Application Data\AntiVirus Plus not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: elo
    ->Temp folder emptied: 1317409 bytes
    ->Temporary Internet Files folder emptied: 16883161 bytes
    ->Java cache emptied: 29807655 bytes
    ->FireFox cache emptied: 119776551 bytes
    ->Apple Safari cache emptied: 65127702 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33510 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 567215 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33177 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 218634 bytes

    Total Files Cleaned = 223,00 mb

    OTL by OldTimer - Version 3.1.25.0 log created on 01152010_233541

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_764.dat moved successfully.

    Registry entries deleted on Reboot...
    0
  13. gen-hackman
     
    bien refais un scan OTL apres avoir redemarré ton ordi stp
    0
  14. elo1234 Messages postés 12 Statut Membre
     
    le ptit nouveau
    http://www.cijoint.fr/cjlink.php?file=cj201001/cijNbOvB5L.txt
    0
  15. gen-hackman
     
    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Coche Afficher les fichiers et dossiers cachés
    * - Décoche Masquer les extensions des fichiers dont le type est connu
    * - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.

    N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

    C:\WINDOWS\System32\EKPhAIQLOW_-g.exe


    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

    Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
    0
  16. elo1234 Messages postés 12 Statut Membre
     
    Fichier EKPhAIQLOW_-g.exe reçu le 2010.01.15 23:41:04 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.16 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.16 -
    AVG 9.0.0.730 2010.01.16 -
    BitDefender 7.2 2010.01.16 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3597 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.16 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7240 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.16 -
    McAfee 5862 2010.01.15 -
    McAfee+Artemis 5862 2010.01.15 -
    McAfee-GW-Edition 6.8.5 2010.01.16 -
    Microsoft 1.5302 2010.01.16 -
    NOD32 4776 2010.01.15 -
    Norman 6.04.03 2010.01.15 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.16 -
    Prevx 3.0 2010.01.16 High Risk Cloaked Malware
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.16 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.16 -
    TheHacker 6.5.0.4.153 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -
    Information additionnelle
    File size: 118256 bytes
    MD5...: 509fd9d3e6b08762782b9d3a5e55197f
    SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
    SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
    ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    packers (F-Prot): NSIS
    <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
    pdfid.: -
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.16 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.16 -
    AVG 9.0.0.730 2010.01.16 -
    BitDefender 7.2 2010.01.16 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3597 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.16 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7240 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.16 -
    McAfee 5862 2010.01.15 -
    McAfee+Artemis 5862 2010.01.15 -
    McAfee-GW-Edition 6.8.5 2010.01.16 -
    Microsoft 1.5302 2010.01.16 -
    NOD32 4776 2010.01.15 -
    Norman 6.04.03 2010.01.15 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.16 -
    Prevx 3.0 2010.01.16 High Risk Cloaked Malware
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.16 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.16 -
    TheHacker 6.5.0.4.153 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -

    Information additionnelle
    File size: 118256 bytes
    MD5...: 509fd9d3e6b08762782b9d3a5e55197f
    SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
    SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
    ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
    RDS...: NSRL Reference Data Set<br>-
    packers (F-Prot): NSIS
    <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
    pdfid.: -
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
    0
  17. elo1234 Messages postés 12 Statut Membre
     
    Je viens de supprimer le fichier et de vider la corbeille
    0
  18. gen-hackman
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  19. elo1234 Messages postés 12 Statut Membre
     
    j'ai du rallumer l'ordi et voilà le rapport
    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3573
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    16/01/2010 01:59:12
    mbam-log-2010-01-16 (01-59-12).txt

    Type de recherche: Examen complet (C:\|D:\|G:\|H:\|)
    Eléments examinés: 225134
    Temps écoulé: 47 minute(s), 45 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\elo\Mes documents\Mes fichiers reçus\registry-doktor-06fr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Kill'em\Quarantine\Winsudate.Kill'em\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Kill'em\Quarantine\Winsudate.Kill'em\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\elo\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\elo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    0
  • 1
  • 2
  • 3