Virus systeme 32 et compte rendu hijack
Fermé
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
-
15 janv. 2010 à 20:18
Utilisateur anonyme - 25 janv. 2010 à 22:58
Utilisateur anonyme - 25 janv. 2010 à 22:58
A voir également:
- Virus systeme 32 et compte rendu hijack
- Restauration systeme - Guide
- Créer un compte gmail - Guide
- Créer un compte google - Guide
- Supprimer compte instagram - Guide
- 32 bits - Guide
51 réponses
Utilisateur anonyme
15 janv. 2010 à 20:26
15 janv. 2010 à 20:26
salut :
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 21:33
15 janv. 2010 à 21:33
merci de me répondre, c"est cool....
à prioiri, mon pare feu était déjà désactivé... quant à mon anti-virus, c'est ok. J'ai lancé le prgm. et voilà le compte rendu
List'em by g3n-h@ckm@n 1.1.8.3
Thx to El Desaparecido.....& CCM team
User : elo (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 20:47:41 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\elo\local settings\application data\bvcgkg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\elo\Local Settings\Temp\57.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MsnMsgr REG_SZ "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
WinUsr REG_SZ C:\Program Files\Winsudate\gibusr.exe
PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
ygua8e7yhuiesfha876yfauy8fe REG_SZ C:\DOCUME~1\elo\LOCALS~1\Temp\injh8.exe
bvcgkg REG_SZ "c:\documents and settings\elo\local settings\application data\bvcgkg.exe" bvcgkg
AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
Mouse Suite 98 Daemon REG_SZ ICO.EXE
VAIOCameraUtility REG_SZ "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
SonyPowerCfg REG_SZ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe REG_SZ C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Switcher.exe REG_SZ C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
VAIO Update 2 REG_SZ "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
PDService.exe REG_SZ C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
Acrobat Assistant 7.0 REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
<NO NAME> REG_SZ
SsAAD.exe REG_SZ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
SetDefPrt REG_SZ C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
ControlCenter2.0 REG_SZ C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe REG_SZ C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server
C:\eMULE\emule.exe REG_SZ C:\eMULE\emule.exe:*:Enabled:eMule
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe REG_SZ C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
C:\Program Files\Pando Networks\Pando\pando.exe REG_SZ C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{31435657-9980-0010-8000-00AA00389B71}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.hugedomains.com/domain_profile.cfm?d=wibeez&e=com
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
H:\Autorun.inf :
----------------
[autorun]
open=WDSetup.exe
ICON=AUTORUN\WDLOGO.ICO
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
37,26 Go total, 1,11 Go libre (2%), 34% fragment‚ (fragmentation du fichier 62%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Program Files\Winsudate
C:\WINDOWS\iun6002.exe
C:\WINDOWS\kb913800.exe
C:\WINDOWS\System32\twain_32
C:\Documents and Settings\elo\Application Data\wklnhst.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winusr"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ygua8e7yhuiesfha876yfauy8fe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCU\SOFTWARE\fcn
HKCU\SOFTWARE\OOO
HKLM\SYSTEM\ControlSet001\Services\winsvc
HKLM\SYSTEM\ControlSet003\Services\winsvc
HKLM\SYSTEM\CurrentControlSet\Services\winsvc
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 21:07:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00001507
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Alwil Software
AndreaMosaic
Apoint
Apple Software Update
Bonjour
Brother
Canon
Codecs DivX
Common Files
ComPlus Applications
CONEXANT
DIFX
DivX
Fichiers communs
Google
Google AFE
InstallShield Installation Information
Intel
Internet Explorer
InterVideo
iPod
ISP
iTunes
Java
K-Lite Codec Pack
List_Kill'em
Messenger
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
Neuf
Nokia
Outlook Express
PC Connectivity Solution
Picasa2
QuickTime
Raccourcis de programmes
Roxio
Safari
ScanSoft
Services en ligne
SigmaTel
Skype
Sony
Sun
Uninstall Information
Unity
Utimaco
VideoLAN
Windows Live
Windows Live Toolbar
Windows Media Player
Windows NT
Windows Plus
WindowsUpdate
Winsudate
xerox
============
Lecteur C:
============
AUTOEXEC.BAT
boot.ini
Bootfont.bin
Config.Msi
CONFIG.SYS
Documentation
Documents and Settings
Drivers
eMULE
hiberfil.sys
HSF
IO.SYS
itunes
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
SSV
System Volume Information
tvneuf
Update
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\Adobe\Photoshop Elements 4.0\Previews\filters\texture\Patchwork.atn
C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.anim
C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.ini
C:\Program Files\Microsoft Works\Setup\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
à prioiri, mon pare feu était déjà désactivé... quant à mon anti-virus, c'est ok. J'ai lancé le prgm. et voilà le compte rendu
List'em by g3n-h@ckm@n 1.1.8.3
Thx to El Desaparecido.....& CCM team
User : elo (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 20:47:41 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\elo\local settings\application data\bvcgkg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\elo\Local Settings\Temp\57.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MsnMsgr REG_SZ "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
WinUsr REG_SZ C:\Program Files\Winsudate\gibusr.exe
PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
ygua8e7yhuiesfha876yfauy8fe REG_SZ C:\DOCUME~1\elo\LOCALS~1\Temp\injh8.exe
bvcgkg REG_SZ "c:\documents and settings\elo\local settings\application data\bvcgkg.exe" bvcgkg
AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
Mouse Suite 98 Daemon REG_SZ ICO.EXE
VAIOCameraUtility REG_SZ "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
SonyPowerCfg REG_SZ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe REG_SZ C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Switcher.exe REG_SZ C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
VAIO Update 2 REG_SZ "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
PDService.exe REG_SZ C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
Acrobat Assistant 7.0 REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
<NO NAME> REG_SZ
SsAAD.exe REG_SZ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
SetDefPrt REG_SZ C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
ControlCenter2.0 REG_SZ C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
AntiVirus Plus REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe REG_SZ C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server
C:\eMULE\emule.exe REG_SZ C:\eMULE\emule.exe:*:Enabled:eMule
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe REG_SZ C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
C:\Program Files\Pando Networks\Pando\pando.exe REG_SZ C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{31435657-9980-0010-8000-00AA00389B71}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.hugedomains.com/domain_profile.cfm?d=wibeez&e=com
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
H:\Autorun.inf :
----------------
[autorun]
open=WDSetup.exe
ICON=AUTORUN\WDLOGO.ICO
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
37,26 Go total, 1,11 Go libre (2%), 34% fragment‚ (fragmentation du fichier 62%)
Vous devriez d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Program Files\Winsudate
C:\WINDOWS\iun6002.exe
C:\WINDOWS\kb913800.exe
C:\WINDOWS\System32\twain_32
C:\Documents and Settings\elo\Application Data\wklnhst.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winusr"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ygua8e7yhuiesfha876yfauy8fe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCU\SOFTWARE\fcn
HKCU\SOFTWARE\OOO
HKLM\SYSTEM\ControlSet001\Services\winsvc
HKLM\SYSTEM\ControlSet003\Services\winsvc
HKLM\SYSTEM\CurrentControlSet\Services\winsvc
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 21:07:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00001507
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Alwil Software
AndreaMosaic
Apoint
Apple Software Update
Bonjour
Brother
Canon
Codecs DivX
Common Files
ComPlus Applications
CONEXANT
DIFX
DivX
Fichiers communs
Google AFE
InstallShield Installation Information
Intel
Internet Explorer
InterVideo
iPod
ISP
iTunes
Java
K-Lite Codec Pack
List_Kill'em
Messenger
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft SQL Server
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
Neuf
Nokia
Outlook Express
PC Connectivity Solution
Picasa2
QuickTime
Raccourcis de programmes
Roxio
Safari
ScanSoft
Services en ligne
SigmaTel
Skype
Sony
Sun
Uninstall Information
Unity
Utimaco
VideoLAN
Windows Live
Windows Live Toolbar
Windows Media Player
Windows NT
Windows Plus
WindowsUpdate
Winsudate
xerox
============
Lecteur C:
============
AUTOEXEC.BAT
boot.ini
Bootfont.bin
Config.Msi
CONFIG.SYS
Documentation
Documents and Settings
Drivers
eMULE
hiberfil.sys
HSF
IO.SYS
itunes
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
SSV
System Volume Information
tvneuf
Update
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\Adobe\Photoshop Elements 4.0\Previews\filters\texture\Patchwork.atn
C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.anim
C:\Program Files\Sony\VAIO Edit Components 6\MotionDrawing Media\Effet sc‚nique\cracker.ini
C:\Program Files\Microsoft Works\Setup\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Utilisateur anonyme
15 janv. 2010 à 21:38
15 janv. 2010 à 21:38
bien :
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 21:59
15 janv. 2010 à 21:59
voila le deuxième compte rendu
Kill'em by g3n-h@ckm@n 1.1.8.3
User : elo (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:40:09 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\elo\local settings\application data\bvcgkg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\elo\Local Settings\Temp\59.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quaranteend & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quaranteend & Deleted !! : C:\Program Files\Winsudate
Quaranteend & Deleted !! : C:\WINDOWS\iun6002.exe
Quaranteend & Deleted !! : C:\WINDOWS\kb913800.exe
Quaranteend & Deleted !! : C:\WINDOWS\System32\twain_32
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCU\SOFTWARE\fcn
Deleted : HKCU\SOFTWARE\OOO
Deleted : HKLM\SYSTEM\ControlSet001\Services\winsvc
Deleted : HKLM\SYSTEM\ControlSet003\Services\winsvc
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.1.8.3
User : elo (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 21:40:09 | 15/01/2010
Contact : g3n-h@ckm@n sur CCM
Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 37,26 Go (1,1 Go free) [VAIO] | NTFS
D:\ -> Disque fixe local | 30,28 Go (24,95 Go free) [VAIO] | NTFS
E:\ -> Disque amovible
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 243,66 Mo (0 Mo free) | FAT
H:\ -> Disque fixe local | 298,01 Go (109,14 Go free) [My Passport] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\elo\local settings\application data\bvcgkg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\elo\Local Settings\Temp\59.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quaranteend & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quaranteend & Deleted !! : C:\Program Files\Winsudate
Quaranteend & Deleted !! : C:\WINDOWS\iun6002.exe
Quaranteend & Deleted !! : C:\WINDOWS\kb913800.exe
Quaranteend & Deleted !! : C:\WINDOWS\System32\twain_32
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg.exe
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_nav.dat
Quaranteend & Deleted !! : C:\Documents and Settings\elo\Local Settings\Application Data\bvcgkg_navps.dat
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCU\SOFTWARE\fcn
Deleted : HKCU\SOFTWARE\OOO
Deleted : HKLM\SYSTEM\ControlSet001\Services\winsvc
Deleted : HKLM\SYSTEM\ControlSet003\Services\winsvc
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
15 janv. 2010 à 22:03
15 janv. 2010 à 22:03
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 22:19
15 janv. 2010 à 22:19
les 2rapports
http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/ciji3YoKBw.txt
Utilisateur anonyme
15 janv. 2010 à 22:25
15 janv. 2010 à 22:25
C'est un adware installé par les programmes suivants:
* Funky Emoticons
* Games Attack
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Official Emule (Version d'Emule modifiée)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
* Sur le site www.games-desktop.com (n'allez pas dessus!!)
(N'aie plus aucun contact avec eux)
Lien utile: http://www.malekal.com/Adware.Magic_Control.php
Télécharge Navilog1 depuis-ce lien
▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
>>>>> Le fix peut durer une dizaine de minutes ;)
▶ Appuie sur une touche le bloc note va s'ouvrir.
▶ Copie-colle le rapport ici.
* Funky Emoticons
* Games Attack
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Official Emule (Version d'Emule modifiée)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
* Sur le site www.games-desktop.com (n'allez pas dessus!!)
(N'aie plus aucun contact avec eux)
Lien utile: http://www.malekal.com/Adware.Magic_Control.php
Télécharge Navilog1 depuis-ce lien
▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
>>>>> Le fix peut durer une dizaine de minutes ;)
▶ Appuie sur une touche le bloc note va s'ouvrir.
▶ Copie-colle le rapport ici.
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 22:40
15 janv. 2010 à 22:40
rapport navilog
Fix Navipromo version 4.0.6 commencé le 15/01/2010 22:30:34,61
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : elo ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 (Not Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:30 Go (Free:24 Go)
E:\ (USB)
F:\ (CD or DVD)
G:\ (USB) - FAT - Total:243 Mo (Free:0 Go)
H:\ (Local Disk) - FAT32 - Total:298 Go (Free:109 Go)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
c:\docume~1\elo\locals~1\applic~1\bvcgkg.dat supprimé !
c:\docume~1\elo\locals~1\applic~1\bvcgkg_navps.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\elo\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Scan terminé 15/01/2010 22:37:46,67 ***
Fix Navipromo version 4.0.6 commencé le 15/01/2010 22:30:34,61
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : elo ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100115-1] 4.8.1368 (Not Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:30 Go (Free:24 Go)
E:\ (USB)
F:\ (CD or DVD)
G:\ (USB) - FAT - Total:243 Mo (Free:0 Go)
H:\ (Local Disk) - FAT32 - Total:298 Go (Free:109 Go)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
c:\docume~1\elo\locals~1\applic~1\bvcgkg.dat supprimé !
c:\docume~1\elo\locals~1\applic~1\bvcgkg_navps.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\elo\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Scan terminé 15/01/2010 22:37:46,67 ***
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 22:52
15 janv. 2010 à 22:52
voici le lien après OTL 2
http://www.cijoint.fr/cjlink.php?file=cj201001/cijO4bH9Cx.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijO4bH9Cx.txt
Utilisateur anonyme
15 janv. 2010 à 23:07
15 janv. 2010 à 23:07
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
O2 - BHO: (Antivirus Plus BHO) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll ()
O2 - BHO: (gwprimawega) - {fbbf2b81-7224-b995-56cc-d6bb54501a22} - C:\WINDOWS\system32\p6ri5q-Mj2SB.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AntiVirus Plus] File not found
O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [AntiVirus Plus] File not found
O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [MsnMsgr] C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O33 - MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\Shell\AutoRun\command - "" = G:\ClickMe.exe -- File not found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter2.0"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SetDefPrt"=-
:files
C:\Documents and Settings\elo\Application Data\AntiVirus Plus
C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe
C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk
C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
C:\WINDOWS\System32\p6ri5q-Mj2SB.dll
C:\Documents and Settings\All Users\Application Data\15820784
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
C:\Documents and Settings\elo\Application Data\AntiVirus Plus
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
O2 - BHO: (Antivirus Plus BHO) - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll ()
O2 - BHO: (gwprimawega) - {fbbf2b81-7224-b995-56cc-d6bb54501a22} - C:\WINDOWS\system32\p6ri5q-Mj2SB.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AntiVirus Plus] File not found
O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [AntiVirus Plus] File not found
O4 - HKU\S-1-5-21-139329984-3171950058-1767654482-1006..\Run: [MsnMsgr] C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O33 - MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\Shell\AutoRun\command - "" = G:\ClickMe.exe -- File not found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter2.0"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SetDefPrt"=-
:files
C:\Documents and Settings\elo\Application Data\AntiVirus Plus
C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe
C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk
C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk
C:\WINDOWS\System32\p6ri5q-Mj2SB.dll
C:\Documents and Settings\All Users\Application Data\15820784
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
C:\Documents and Settings\elo\Application Data\AntiVirus Plus
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
15 janv. 2010 à 23:48
15 janv. 2010 à 23:48
LE RAPPORT
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
C:\WINDOWS\system32\p6ri5q-Mj2SB.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
File C:\WINDOWS\system32\rundll32.exe not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef65724-236b-11de-b2a3-0013a9095005}\ not found.
File G:\ClickMe.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter2.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefPrt deleted successfully.
========== FILES ==========
C:\Documents and Settings\elo\Application Data\AntiVirus Plus folder moved successfully.
C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe moved successfully.
C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk moved successfully.
File\Folder C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
File\Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
File\Folder C:\WINDOWS\System32\p6ri5q-Mj2SB.dll not found.
C:\Documents and Settings\All Users\Application Data\15820784 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
File\Folder C:\Documents and Settings\elo\Application Data\AntiVirus Plus not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: elo
->Temp folder emptied: 1317409 bytes
->Temporary Internet Files folder emptied: 16883161 bytes
->Java cache emptied: 29807655 bytes
->FireFox cache emptied: 119776551 bytes
->Apple Safari cache emptied: 65127702 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33510 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 567215 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33177 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 218634 bytes
Total Files Cleaned = 223,00 mb
OTL by OldTimer - Version 3.1.25.0 log created on 01152010_233541
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_764.dat moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
C:\Documents and Settings\elo\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbbf2b81-7224-b995-56cc-d6bb54501a22}\ deleted successfully.
C:\WINDOWS\system32\p6ri5q-Mj2SB.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_USERS\S-1-5-21-139329984-3171950058-1767654482-1006\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk moved successfully.
File C:\WINDOWS\system32\rundll32.exe not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef65724-236b-11de-b2a3-0013a9095005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef65724-236b-11de-b2a3-0013a9095005}\ not found.
File G:\ClickMe.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter2.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetDefPrt deleted successfully.
========== FILES ==========
C:\Documents and Settings\elo\Application Data\AntiVirus Plus folder moved successfully.
C:\Documents and Settings\elo\Bureau\List_Killem_Install.exe moved successfully.
C:\Documents and Settings\elo\Bureau\AntiVirus Plus.lnk moved successfully.
File\Folder C:\Documents and Settings\elo\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
File\Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk not found.
File\Folder C:\WINDOWS\System32\p6ri5q-Mj2SB.dll not found.
C:\Documents and Settings\All Users\Application Data\15820784 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
File\Folder C:\Documents and Settings\elo\Application Data\AntiVirus Plus not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: elo
->Temp folder emptied: 1317409 bytes
->Temporary Internet Files folder emptied: 16883161 bytes
->Java cache emptied: 29807655 bytes
->FireFox cache emptied: 119776551 bytes
->Apple Safari cache emptied: 65127702 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33510 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 567215 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33177 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 218634 bytes
Total Files Cleaned = 223,00 mb
OTL by OldTimer - Version 3.1.25.0 log created on 01152010_233541
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_764.dat moved successfully.
Registry entries deleted on Reboot...
Utilisateur anonyme
15 janv. 2010 à 23:59
15 janv. 2010 à 23:59
bien refais un scan OTL apres avoir redemarré ton ordi stp
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
16 janv. 2010 à 00:13
16 janv. 2010 à 00:13
le ptit nouveau
http://www.cijoint.fr/cjlink.php?file=cj201001/cijNbOvB5L.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijNbOvB5L.txt
Utilisateur anonyme
16 janv. 2010 à 00:32
16 janv. 2010 à 00:32
▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
▶ clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\WINDOWS\System32\EKPhAIQLOW_-g.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
▶ clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\WINDOWS\System32\EKPhAIQLOW_-g.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
16 janv. 2010 à 00:44
16 janv. 2010 à 00:44
Fichier EKPhAIQLOW_-g.exe reçu le 2010.01.15 23:41:04 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3597 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4776 2010.01.15 -
Norman 6.04.03 2010.01.15 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 High Risk Cloaked Malware
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
packers (F-Prot): NSIS
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
pdfid.: -
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3597 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4776 2010.01.15 -
Norman 6.04.03 2010.01.15 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 High Risk Cloaked Malware
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
packers (F-Prot): NSIS
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
pdfid.: -
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3597 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4776 2010.01.15 -
Norman 6.04.03 2010.01.15 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 High Risk Cloaked Malware
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
packers (F-Prot): NSIS
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
pdfid.: -
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3597 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4776 2010.01.15 -
Norman 6.04.03 2010.01.15 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 High Risk Cloaked Malware
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x323c<br>timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d<br>.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e<br>.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0<br>.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749<br><br>( 8 imports ) <br>> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<br>> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<br>> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<br>> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<br>> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<br>> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<br>> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<br>> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
packers (F-Prot): NSIS
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D</a>
pdfid.: -
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
16 janv. 2010 à 00:52
16 janv. 2010 à 00:52
Je viens de supprimer le fichier et de vider la corbeille
Utilisateur anonyme
16 janv. 2010 à 00:59
16 janv. 2010 à 00:59
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
elo1234
Messages postés
12
Date d'inscription
vendredi 15 janvier 2010
Statut
Membre
Dernière intervention
16 janvier 2010
16 janv. 2010 à 02:06
16 janv. 2010 à 02:06
j'ai du rallumer l'ordi et voilà le rapport
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3573
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
16/01/2010 01:59:12
mbam-log-2010-01-16 (01-59-12).txt
Type de recherche: Examen complet (C:\|D:\|G:\|H:\|)
Eléments examinés: 225134
Temps écoulé: 47 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\elo\Mes documents\Mes fichiers reçus\registry-doktor-06fr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\Winsudate.Kill'em\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\Winsudate.Kill'em\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3573
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
16/01/2010 01:59:12
mbam-log-2010-01-16 (01-59-12).txt
Type de recherche: Examen complet (C:\|D:\|G:\|H:\|)
Eléments examinés: 225134
Temps écoulé: 47 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\elo\Mes documents\Mes fichiers reçus\registry-doktor-06fr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\Winsudate.Kill'em\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\Winsudate.Kill'em\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\elo\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.