
Please help me: a virus that deletes .exe files

Tags:
  • Security
Last reply: in Security and viruses
10 September 2007 21:09:54

Please help me. I have an Intel Core Duo computer that worked fine until a virus got into it. It started deleting .exe files; it even deleted my antivirus's, and if I try to reinstall it, it deletes it immediately. I'm lost!!


10 September 2007 21:37:05

Logfile of HijackThis v1.99.1
Scan saved at 21:30:49, on 10/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1179934414\ee\aolsoftware.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\efccbyx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {FC3F2B70-383D-4786-865A-B7589C073AB9} - C:\WINDOWS\system32\geeby.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{952EE0E4-8614-49FB-9D4B-FB6A484AE3AD}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: efccbyx - efccbyx.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: msadhu1 - msadhu1.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\AOLbox\Gateway\wlancfg.exe

10 September 2007 21:53:25

Good evening

The joys of P2P...

Which crack did you catch Bagle with?

You're really thoroughly infected: in addition to Bagle, there's Vundo, Lop, plus a nasty toolbar (ShoppingReport)

1

Check your private messages and post the requested report here


2

Download F-Secure BlackLight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe


- Run F-Secure BlackLight (the fsbl.exe file)
- Accept the licence, then click "Scan", then Next and Exit.
- A report fsbl-bxxxx.log (xx are digits) will be created in the same folder as blbeta.exe
- Open fsbl-bxxxx.log and copy/paste it into your next message.

Warning!
Do not choose the "Rename" option right away: we need to analyse the report, because legitimate files may be present, such as wbemtest.exe.
F-Secure BlackLight tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_f-secure_BlackLight.htm...
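To show how a helper reads a log like the one posted above, here is an added example (not part of this thread, and not a HijackThis or forum tool): a small Python triage script run over a constructed sample made from lines of the posted log. The heuristics are generic load-point checks (binaries with temporary-file names, executables loaded from the user profile or from system32\drivers, orphaned BHO and Winlogon Notify entries, a non-empty AppInit_DLLs value, a security product whose service binary is gone); the severities, the security-product names and the "known unwanted" list are assumptions made for this example. Its output is a list of lines that deserve a human look, not a verdict; the helper's attribution to specific families above came from reading the full log.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log in the
# thread, chosen so that every heuristic below fires at least once.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\efccbyx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed heuristics: locations and names a legitimate load point rarely uses.
USER_WRITABLE = re.compile(r"application data|\\temp\\|applic~1|locals~1", re.I)
TMP_NAMED_BINARY = re.compile(r"\btmp[0-9a-f]*\.tmp\.(?:exe|dll)\b", re.I)
EXE_IN_DRIVERS = re.compile(r"\\system32\\drivers\\[^\\\s]+\.exe\b", re.I)
# Security products installed on this machine (both appear in the thread's
# logs); a missing binary for one of them matches the "it deleted my
# antivirus" symptom from the first post.
SECURITY_PRODUCTS = ("avast", "kaspersky")
# Component the helper in the thread calls unwanted (assumed list).
KNOWN_UNWANTED = ("ShoppingReport",)


@dataclass
class Finding:
    line: str
    severity: str  # "high" or "medium"
    reason: str


def path_reasons(text: str) -> list[tuple[str, str]]:
    """(severity, reason) pairs for the path(s) in a log line; [] if ordinary."""
    out = []
    if TMP_NAMED_BINARY.search(text):
        out.append(("high", "binary with a temporary-file name (tmpNNN.tmp.exe/.dll)"))
    if USER_WRITABLE.search(text):
        out.append(("medium", "binary loaded from a user-writable profile or temp directory"))
    if EXE_IN_DRIVERS.search(text):
        out.append(("high", ".exe inside system32\\drivers, which normally holds only .sys files"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and collect lines that deserve a closer look."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            for sev, why in path_reasons(line):
                findings.append(Finding(line, sev, "running process: " + why))
            continue
        m = re.match(r"^(O\d+|R\d) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        missing = "(file missing)" in body or "(no file)" in body
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(line, "high", "AppInit_DLLs set: DLL injected into every process that loads user32.dll"))
        elif missing and section in ("O2", "O20"):
            findings.append(Finding(line, "medium", f"{section} load point whose DLL no longer exists (orphaned hook)"))
        elif missing and section == "O23":
            if any(name in body.lower() for name in SECURITY_PRODUCTS):
                findings.append(Finding(line, "high", "service binary of a security product is missing"))
            else:
                findings.append(Finding(line, "medium", "service binary missing"))
        for sev, why in path_reasons(body):
            findings.append(Finding(line, sev, f"{section} entry: {why}"))
        if section == "O2" and any(name in body for name in KNOWN_UNWANTED):
            findings.append(Finding(line, "medium", "BHO from a component identified as unwanted"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'medium': 6}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed sample the script flags hidr.exe, the tmp13F.tmp.exe service, the AppInit_DLLs value, the orphaned Vundo-style DLLs, the Lop-style "chin does.exe" Run entry and the deleted avast service, and stays silent on smss.exe, the Google toolbar and WgaLogon.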
11 September 2007 14:42:26


Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : C:\Documents and Settings\utilisateur\Bureau\jkw1TQGOpg_NewLopResearch\NewLopresearch

Rapport crée : Le 11/09/2007 à 14:40:27,62 PC : PC-B3794286787F


/!\ Faire analyser le rapport par un Helper avant toute intervention /!\


---------------------[ Listing des Applications Data ]--------------------


C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\city about store file
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\Escape From Paradise
C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
C:\Documents and Settings\All Users\Application Data\AOL
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\BufferZone
C:\Documents and Settings\All Users\Application Data\PC Suite
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Dumb Web Software Ante
C:\Documents and Settings\All Users\Application Data\Mozilla
C:\Documents and Settings\All Users\Application Data\HP
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
C:\Documents and Settings\All Users\Application Data\Apple Computer

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\LocalService\Application Data\HP
C:\Documents and Settings\LocalService\Application Data\Microsoft

C:\Documents and Settings\NetworkService\Application Data\Microsoft

C:\Documents and Settings\utilisateur\Application Data\True Sword
C:\Documents and Settings\utilisateur\Application Data\m
C:\Documents and Settings\utilisateur\Application Data\teamdownloadmeta
C:\Documents and Settings\utilisateur\Application Data\LimeWire
C:\Documents and Settings\utilisateur\Application Data\EoRezo
C:\Documents and Settings\utilisateur\Application Data\WinRAR
C:\Documents and Settings\utilisateur\Application Data\Jasc
C:\Documents and Settings\utilisateur\Application Data\Macromedia
C:\Documents and Settings\utilisateur\Application Data\SpieleEntwicklungsKombinat
C:\Documents and Settings\utilisateur\Application Data\fltk.org
C:\Documents and Settings\utilisateur\Application Data\Leadertech
C:\Documents and Settings\utilisateur\Application Data\Adobe
C:\Documents and Settings\utilisateur\Application Data\ShoppingReport
C:\Documents and Settings\utilisateur\Application Data\vlc
C:\Documents and Settings\utilisateur\Application Data\dvdcss
C:\Documents and Settings\utilisateur\Application Data\Nokia Multimedia Player
C:\Documents and Settings\utilisateur\Application Data\Nokia
C:\Documents and Settings\utilisateur\Application Data\Sun
C:\Documents and Settings\utilisateur\Application Data\PC Suite
C:\Documents and Settings\utilisateur\Application Data\Google
C:\Documents and Settings\utilisateur\Application Data\Apple Computer
C:\Documents and Settings\utilisateur\Application Data\Microsoft
C:\Documents and Settings\utilisateur\Application Data\Talkback
C:\Documents and Settings\utilisateur\Application Data\Mozilla
C:\Documents and Settings\utilisateur\Application Data\DivX
C:\Documents and Settings\utilisateur\Application Data\HP
C:\Documents and Settings\utilisateur\Application Data\InstallShield
C:\Documents and Settings\utilisateur\Application Data\Help
C:\Documents and Settings\utilisateur\Application Data\ItsLabel
C:\Documents and Settings\utilisateur\Application Data\Microsoft Web Folders
C:\Documents and Settings\utilisateur\Application Data\AOL
C:\Documents and Settings\utilisateur\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\utilisateur\Application Data\Pinnacle Systems
C:\Documents and Settings\utilisateur\Application Data\InterTrust
C:\Documents and Settings\utilisateur\Application Data\Identities


----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------


C:\WINDOWS\tasks\ADA934A0916AAAD8.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini


--------------[ Listing des dossiers dans C:\Program Files ]--------------


C:\Program Files\7za.exe
C:\Program Files\8hands
C:\Program Files\Adobe
C:\Program Files\AdorageI-GfxDatas
C:\Program Files\AdorageI-SAL
C:\Program Files\Alwil Software
C:\Program Files\AOL
C:\Program Files\AOL 9.0
C:\Program Files\AOL Compagnon
C:\Program Files\AOL Toolbar
C:\Program Files\AOLbox
C:\Program Files\Ascaron Entertainment
C:\Program Files\Audacity
C:\Program Files\AviSynth 2.5
C:\Program Files\AW Europe
C:\Program Files\BitComet
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\Celestia
C:\Program Files\ComPlus Applications
C:\Program Files\DAEMON Tools
C:\Program Files\DIFX
C:\Program Files\DivX
C:\Program Files\Dynamic
C:\Program Files\EA SPORTS
C:\Program Files\e-anim701
C:\Program Files\Eidos Interactive
C:\Program Files\Electronic Arts
C:\Program Files\eMule
C:\Program Files\eoRezo
C:\Program Files\Eurobarre
C:\Program Files\Fichiers communs
C:\Program Files\Free Easy Burner
C:\Program Files\Gamenext
C:\Program Files\GameSpy Arcade
C:\Program Files\GEE
C:\Program Files\Google
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\InetGet2
C:\Program Files\Internet Explorer
C:\Program Files\Inventel
C:\Program Files\Its Label
C:\Program Files\Jasc Software Inc
C:\Program Files\Java
C:\Program Files\Kaspersky Lab
C:\Program Files\KeePass Password Safe
C:\Program Files\Lavalys
C:\Program Files\Learn2.com
C:\Program Files\LimeWire
C:\Program Files\Logitech
C:\Program Files\MaCuisineLapeyre
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\MessengerPlus! 3
C:\Program Files\Micro Application
C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
C:\Program Files\Microsoft ActiveSync
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft SQL Server
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MP3 Player Utilities 3.5.02
C:\Program Files\MSBuild
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Multi_Media_France
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\NetMeeting
C:\Program Files\Nokia
C:\Program Files\Online Services
C:\Program Files\Online_TV
C:\Program Files\Outlook Express
C:\Program Files\PC Connectivity Solution
C:\Program Files\Picasa2
C:\Program Files\Pinnacle
C:\Program Files\Player Tool
C:\Program Files\proDAD
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Realtek
C:\Program Files\Red Kawa
C:\Program Files\Reference Assemblies
C:\Program Files\Replay Media Catcher
C:\Program Files\RM-X Player V4.2
C:\Program Files\Secured eMule
C:\Program Files\Secured_eMule
C:\Program Files\serial.dat
C:\Program Files\Services en ligne
C:\Program Files\ShoppingReport
C:\Program Files\Sierra On-Line
C:\Program Files\SmartSound Software
C:\Program Files\svchosts.tbe
C:\Program Files\teamdownloadmeta
C:\Program Files\TopDesk Trial
C:\Program Files\True Sword 4
C:\Program Files\Turn it off
C:\Program Files\Valve
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\WarRock
C:\Program Files\WIDCOMM
C:\Program Files\Windows Live
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinPop
C:\Program Files\xerox


------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----


C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\AOL
C:\Program Files\Fichiers communs\aolback
C:\Program Files\Fichiers communs\aolshare
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\FDEUnInstaller.exe
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\HP
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nokia
C:\Program Files\Fichiers communs\Nullsoft
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\PC SOFT
C:\Program Files\Fichiers communs\PCSuite
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Sonic Shared
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System


----------------------[ Recherche dans le Registre ]----------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]



-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------


C:\Program Files\Multi_Media_France
C:\WINDOWS\tasks\ADA934A0916AAAD8.job


--------------------[ Vérification du fichier Hosts ]---------------------


Fichier Hosts : MODIFIE


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD


--------------------[ Recherche d'autres infections ]---------------------



/!\ VUNDO Possible !

C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\exefld

/!\ BAGLE Possible !



--------------------[ Fin du rapport à 14:40:46,87 ]----------------------
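The report above marks the hosts file as MODIFIED, but what it lists is a blocklist: domain names of rogue "security" products pointed at 127.0.0.1, each tagged "## added by CiD", so this particular modification is protective rather than a hijack. The entries that would warrant investigation are the other kinds: a name sent to a routable address, or a loopback entry with no marker explaining who added it. As an added example (not from this thread and not part of any tool mentioned in it), this Python snippet sorts hosts entries into those categories. The sample mixes lines from the report with two constructed lines, and the "added by" comment is assumed to be the tag a cleaning tool leaves.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample: the first lines of the hosts file in the report, plus
# two lines made up for this example (an unmarked loopback entry and an entry
# pointing a name at a routable TEST-NET address) to exercise every category.
SAMPLE_HOSTS = """\
# hosts file sample (constructed for the example)
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 update.example-av.test
192.0.2.10 www.example.com
::1 localhost
"""

CATEGORIES = ("default", "blocklist", "unmarked_sinkhole", "redirect", "invalid")


@dataclass
class HostsEntry:
    address: str
    names: list[str]
    comment: str
    category: str  # one of CATEGORIES


def classify(line: str) -> HostsEntry | None:
    """Classify one hosts line; None for blank or comment-only lines."""
    code, _, comment = line.partition("#")
    fields = code.split()
    if not fields:
        return None
    address, names = fields[0], fields[1:]
    comment = comment.strip()
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return HostsEntry(address, names, comment, "invalid")
    if ip.is_loopback and names == ["localhost"]:
        category = "default"            # the stock entry (IPv4 or IPv6)
    elif ip.is_loopback and "added by" in comment.lower():
        category = "blocklist"          # sinkholed on purpose by a known tool
    elif ip.is_loopback:
        category = "unmarked_sinkhole"  # blocked, but nobody claims it: check
    else:
        category = "redirect"           # name steered to a real address: check
    return HostsEntry(address, names, comment, category)


def audit_hosts(text: str) -> dict[str, list[HostsEntry]]:
    """Bucket every entry of a hosts file by category."""
    buckets: dict[str, list[HostsEntry]] = {c: [] for c in CATEGORIES}
    for line in text.splitlines():
        entry = classify(line)
        if entry is not None:
            buckets[entry.category].append(entry)
    return buckets


def needs_review(text: str) -> list[HostsEntry]:
    """Entries a helper should look at: redirects, unmarked sinkholes, junk."""
    buckets = audit_hosts(text)
    return buckets["redirect"] + buckets["unmarked_sinkhole"] + buckets["invalid"]


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{category:18} {len(entries)}")
    for entry in needs_review(SAMPLE_HOSTS):
        print("REVIEW:", entry.address, " ".join(entry.names), entry.comment)
```

Run against the full hosts file from the report, every non-default line lands in the blocklist bucket and nothing comes back from needs_review, which is the evidence that "MODIFIED" here does not mean "hijacked".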
11 September 2007 15:15:08

Well, the crack was for Turok on PC, and here is the report:



09/11/07 14:44:57 [Info]: BlackLight Engine 1.0.64 initialized
09/11/07 14:44:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/11/07 14:44:57 [Note]: 7019 4
09/11/07 14:44:57 [Note]: 7005 0
09/11/07 14:45:00 [Note]: 7006 0
09/11/07 14:45:00 [Note]: 7011 1912
09/11/07 14:45:00 [Note]: 7026 0
09/11/07 14:45:00 [Note]: 7026 0
09/11/07 14:45:00 [Note]: 7024 3
09/11/07 14:45:00 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:45:00 [Note]: 7024 3
09/11/07 14:45:00 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:45:09 [Note]: FSRAW library version 1.7.1022
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\home williamson john chansons bretonne.wm
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\House techno Club Dance - Boston DJ - Mov
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Hugues Aufray - Santiano.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Jesselyn - Contact.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Les Simpsons - Divx Francais - Fou de foo
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Les Simpsons contre-attaquent.Dessin anim
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\lets motormark singler jig go.wma
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Papi Sanchez - A Que Tu No Puedes Salsa.m
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Papi Sanchez - Dilema.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Renaud - Dès que le vent soufflera(1).mp
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\T-Pain ft. Akon - Ur Not The Same.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Dance Club Remixes - House Mix 2
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Scooter - Crank It Up (happy har
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Trance - Delerium - The Silence
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Timbaland - The Way I Are (Ft. Keri Hilso
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Timbaland - The Way I Are (Remix) feat. F
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\View iphone beer with the ultimate player
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Zion ft Akon - I love the way she moves.
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\[Full] toudou solver by CDZ (2).zip
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{50D5FE4F-D456-4F0F-8597-2C4D1FD
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{50D5FE4F-D456-4F0F-8597-2C4D1FD
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{733874D1-0AD2-434D-AF8D-3FB5563
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{733874D1-0AD2-434D-AF8D-3FB5563
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{80435C8A-523D-4CC3-B28C-2B7A70D
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{80435C8A-523D-4CC3-B28C-2B7A70D
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{CD9C0D76-9058-49A3-953B-CB3AF79
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7E
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7E
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{F8633EBC-8E79-4C00-A793-9B4F7BE
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{F8633EBC-8E79-4C00-A793-9B4F7BE
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{00000000-0000-0000-0000-0000000
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{00000000-0000-0000-0000-0000000
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Folder.jpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon - Belly Dancer.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon ft. Eminem - Smack That.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon ft. Snoop_Dogg - I Wanna Fuck You.mp
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArtSmall.jpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Avril Lavigne - Girl friend.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Boney M - By The River Of Babylone.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\BOUGGY WONDERLAND HAPPY FEET.MP3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Celtic Women - The Soft Goodbye.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Clara Morgane - Sexy Girl.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Cle Pour Toudou Solver.mpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Daft Punk - Vietnam.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\desktop.ini
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Dj Evolution - Contacto Remix.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\DJ Kurvy - Let You Go.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\DJ Pisces - Crobar Classics (Disc 2 of 2)
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\dj ranking Stand by me + Usher Yeah ( Te
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\French Les Simpsons Le Film 2007 Dvdrip.a
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Gomez.VS.Tavares.FRENCH.CAM.XViD-FeDeXFR-
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Gia Farrell - Hit
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Don't Push Me.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy feet - Don't Push Me Cause I'm Clos
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack- Stevie Wonder - I
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet - Boogie Wonderland.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet - Original Soundtrack.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Jump 'n' Move.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Robin Williams -
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack- Brittany Murphy -
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Note]: 10002 2
09/11/07 14:45:14 [Note]: 10002 2
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Note]: 10002 2
09/11/07 14:49:16 [Note]: 10002 2
09/11/07 14:55:27 [Note]: 10002 2
09/11/07 14:55:27 [Note]: 10002 2
09/11/07 14:56:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
09/11/07 14:56:12 [Note]: 10002 2
09/11/07 14:56:12 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:56:12 [Note]: 10002 2
09/11/07 14:57:37 [Note]: 2000 1012
09/11/07 14:57:37 [Note]: 2000 1012
09/11/07 15:12:47 [Note]: 7007 0
11 September 2007 17:38:47

Good evening

Let's begin:

follow this procedure exactly in this order.

1

~Download the R-Hosts program (by S!RI)
http://siri.urz.free.fr/Softs/RHosts.exe

~Run R-Hosts.exe, then click Restaurer.
Confirm the change by clicking OK.

2

~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan has completed, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
~Copy/paste the contents of the report located in C:\vundofix.txt
Note: VundoFix may run into a file that it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above again, starting from "click the Scan for Vundo button".

3

~Download Elibagla from this page:
http://www.zonavirus.com/datos/descargas/95/elibagla.as...

You will find the program to download at the very bottom of the page:
click on Descargar Elibagla 10.51

Save this file to the Desktop
Go to your Desktop and double-click Elibagla.exe
The "eliminar ficheros automaticamente" box must be checked
Click "explorar" and let it work
~Post the final report, which will be in c:\infosat.txt

4

Download Combofix by sUBs:
combofix.exe
and save it to your Desktop, nowhere else!

Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait until combofix has finished. Your PC may reboot, that is normal; a report will be created. Post the report.

Add a new HijackThis report.
11 September 2007 18:43:06

VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:33:40 11/09/2007

Listing files found while scanning....

C:\WINDOWS\system32\efccbyx.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\tmp140.tmp.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmp140.tmp.dll
C:\WINDOWS\system32\tmp140.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!
11 September 2007 18:58:25


Tue Sep 11 18:44:46 2007
EliBagle v10.51 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle Renombrado a .VIR
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Sep 11 18:46:08 2007
EliBagle v10.51 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
11 September 2007 19:39:02

ComboFix 07-09-10.6 - "utilisateur" 2007-09-11 19:27:46.1 - NTFS x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
C:\WINDOWS\system32\chkdsk.exe manque
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\res2\WhiteList.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp139.tmp.exe
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp13F.tmp.exe
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp140.tmp.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\popinstall.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\exefld
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\UpMedia
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-08-11 to 2007-09-11 ))))))))))))))))))))))))))))))))))))
.

2007-09-11 19:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 18:44 <REP> d-------- C:\Muestras
2007-09-11 18:33 <REP> d-------- C:\VundoFix Backups
2007-09-11 16:12 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-11 00:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-11 00:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-11 00:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-11 00:43 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-11 00:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-11 00:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-11 00:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-11 00:41 <REP> d-------- C:\WINDOWS\system32\backuped
2007-09-11 00:37 <REP> d-------- C:\Program Files\True Sword 4
2007-09-11 00:37 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\True Sword
2007-09-11 00:32 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-10 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-09-10 20:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-09-10 19:59 94,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-10 19:59 2,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-10 19:57 2,138,112 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-06 23:39 <REP> d-------- C:\Program Files\Celestia
2007-09-06 23:28 <REP> d-------- C:\Program Files\Dynamic
2007-08-30 22:18 575 --a------ C:\WINDOWS\eReg.dat
2007-08-28 23:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file
2007-08-28 23:57 <REP> d-------- C:\Program Files\teamdownloadmeta
2007-08-28 23:54 <REP> d-------- C:\Program Files\Player Tool
2007-08-28 20:04 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR
2007-08-28 01:03 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Jasc
2007-08-28 01:02 <REP> d-------- C:\Program Files\Jasc Software Inc
2007-08-27 21:38 <REP> d-------- C:\Program Files\e-anim701
2007-08-24 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
2007-08-24 15:16 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-24 15:16 <REP> d-------- C:\Program Files\Gamenext
2007-08-24 15:16 <REP> d-------- C:\Program Files\AW Europe
2007-08-24 13:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-24 13:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-24 13:24 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-24 13:24 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\SpieleEntwicklungsKombinat
2007-08-24 13:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpieleEntwicklungsKombinat
2007-08-22 14:41 <REP> d-------- C:\WINDOWS\B6D5E63DEFF546169DB706D08F10B0C0.TMP
2007-08-22 14:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-21 20:09 <REP> d-------- C:\Program Files\Windows Live
2007-08-21 20:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-08-20 13:25 <REP> d-------- C:\Program Files\KeePass Password Safe
2007-08-19 23:05 1,984 --a------ C:\WINDOWS\system32\drivers\papycpu2.sys
2007-08-19 23:05 1,856 --a------ C:\WINDOWS\system32\drivers\papyjoy.sys
2007-08-19 23:04 <REP> d-------- C:\Papyrus
2007-08-17 16:04 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\fltk.org
2007-08-16 03:03 <REP> d-------- C:\Program Files\MSXML 6.0
2007-08-15 10:44 <REP> d-------- C:\Program Files\Eurobarre
2007-08-15 10:43 15,872 --------- C:\WINDOWS\system32\winskfr.dll
2007-08-13 19:53 <REP> d-------- C:\Virtual
2007-08-12 10:31 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech
2007-08-11 18:49 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-11 18:49 <REP> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 19:23 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire
2007-09-11 00:51 --------- d-------- C:\Program Files\Fichiers communs\AOL
2007-09-10 20:15 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-10 20:15 --------- d-------- C:\Program Files\Its Label
2007-09-10 20:07 2156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-10 20:07 1244 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-10 17:13 --------- d-------- C:\Program Files\eMule
2007-09-09 20:47 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\teamdownloadmeta
2007-09-05 10:16 --------- d-------- C:\Program Files\Ascaron Entertainment
2007-09-02 13:59 --------- d-------- C:\Program Files\Free Easy Burner
2007-08-31 18:13 --------- d-------- C:\Program Files\LimeWire
2007-08-30 23:35 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-30 22:18 --------- d-------- C:\Program Files\EA SPORTS
2007-08-29 22:38 --------- d-------- C:\Program Files\eoRezo
2007-08-29 22:38 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\EoRezo
2007-08-24 13:47 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 20:09 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 10:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-10 16:33 --------- d-------- C:\Program Files\8hands
2007-08-10 10:42 --------- d-------- C:\Program Files\Secured eMule
2007-08-10 10:41 --------- d-------- C:\Program Files\Secured_eMule
2007-08-10 10:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
2007-08-10 10:27 --------- d-------- C:\Program Files\Online_TV
2007-08-10 00:41 --------- d-------- C:\Program Files\MultiMedia France Toolbar
2007-08-10 00:41 --------- d-------- C:\Program Files\Multi_Media_France
2007-08-09 22:52 53760 --a------ C:\WINDOWS\system32\drivers\SSHDRV76.sys
2007-08-07 00:51 --------- d-------- C:\Program Files\Lavalys
2007-08-06 17:38 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
2007-08-02 20:53 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\dvdcss
2007-08-02 20:52 --------- d-------- C:\Program Files\VideoLAN
2007-08-01 23:18 --------- d-------- C:\Program Files\Audacity
2007-07-30 23:48 --------- d-------- C:\Program Files\Fichiers communs\PC SOFT
2007-07-29 21:32 56239 --a------ C:\Program Files\svchosts.tbe
2007-07-28 23:40 --------- d--hs---- C:\Program Files\outlook
2007-07-12 22:27 --------- d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Nokia Multimedia Player
2007-07-12 18:25 --------- d-------- C:\Program Files\Sierra On-Line
2007-07-12 14:08 --------- d-------- C:\Program Files\MessengerPlus! 3
2007-07-11 23:31 --------- d-------- C:\Program Files\Google
2007-07-08 20:19 22 --a------ C:\Program Files\serial.dat
2007-06-24 21:17 106496 --a------ C:\uninstall.exe
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-05-23 16:38 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-08-27 16:38 1015973 -rahs---- C:\Program Files\serial.zip
2006-08-27 16:38 1015973 -rahs---- C:\Program Files\serial.tde
2006-05-28 17:46 397306 -rahs---- C:\Program Files\wunauclt.zip
2006-05-28 17:46 397306 -rahs---- C:\Program Files\wunauclt.tbe
2005-09-28 10:56 185856 --a------ C:\Program Files\7za.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 13:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC3F2B70-383D-4786-865A-B7589C073AB9}]
C:\WINDOWS\system32\geeby.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 13:17 1326104]

[HKEY_CLASSES_ROOT\CLSID\{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolThird"="C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe" [2004-09-06 07:05]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-09-06 07:05]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-07-02 13:06]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-07-12 14:08]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-05-23 16:45:11]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 17:05:38]
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file://C:\Documents and Settings\utilisateur\Bureau\jordan\51hv%2BFumOBL._AA240_
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbyx]
efccbyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msadhu1]
msadhu1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mljggdc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 papycpu2;papycpu2;C:\WINDOWS\system32\DRIVERS\papycpu2.sys
R1 papyjoy;papyjoy;C:\WINDOWS\system32\DRIVERS\papyjoy.sys
R1 SSHDRV76;SSHDRV76;\??\C:\WINDOWS\system32\drivers\SSHDRV76.sys
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-11 17:00:00 C:\WINDOWS\Tasks\ADA934A0916AAAD8.job"
- c:\docume~1\utilis~1\applic~1\teamdo~1\Nountestbend.exe
"2007-09-11 16:57:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 19:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-11 19:35:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 19:35
.
--- E O F ---
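Reading what these tools report is the real work in this thread; as an added example, not part of the thread or of any tool named in it, the Python below triages report lines in the shape of the ones posted here: O2 entries whose DLL is gone (geeby.dll), O4 Run entries launched from the user's Application Data folder (chin does.exe), and .com files in system32 that shadow built-in console tools (cmd.com, regedit.com, netstat.com). The sample lines are constructed from the posted logs, and the directory and tool-name lists are my own heuristic choices.

```python
"""Triage helpers for HijackThis-style and ComboFix-style report lines.

Added example for this thread, not a tool the helper used: it flags the
patterns visible in the posted reports so that they can be found without
reading the whole log by eye.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the HijackThis 1.99 log posted in this
# thread (a subset of its lines, reproduced as constructed test data).
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FC3F2B70-383D-4786-865A-B7589C073AB9} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
"""

# Constructed sample in the shape of ComboFix's "Autres suppressions" list.
COMBOFIX_DELETED_SAMPLE = r"""
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\drivers\srosa.sys
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# Either a quoted path, or an unquoted path up to its .exe (paths may contain spaces).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)', re.IGNORECASE)

# Profile directories that a legitimate installer rarely uses as a permanent
# launch location (8.3 and long forms as they appear in the log). Heuristic.
USER_DATA_DIRS = {"APPLIC~1", "APPLICATION DATA", "LOCALS~1", "LOCAL SETTINGS", "TEMP"}

# Console tools whose .com twin in system32 is picked up before the real .exe:
# cmd.exe tries the PATHEXT extensions in order, and .COM precedes .EXE by
# default, so typing "regedit" would run regedit.com. Names taken from the log.
SHADOWED_TOOLS = {"cmd", "netstat", "ping", "regedit", "taskkill", "tasklist", "tracert"}


def launch_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or not)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def triage_hijackthis(text: str) -> list[tuple[str, str]]:
    """Flag orphaned BHOs and Run entries that launch from user data folders."""
    findings = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            target = m.group("target")
            # A CLSID still registered after its DLL was deleted (or never
            # existed) is a leftover to clean, exactly like geeby.dll here.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(("orphaned BHO", m.group("clsid")))
            continue
        m = O4_RE.match(line)
        if m:
            parts = {p.upper() for p in PureWindowsPath(launch_path(m.group("cmd"))).parts}
            if parts & USER_DATA_DIRS:
                findings.append(("Run entry from user data folder", m.group("key")))
    return findings


def find_shadow_tools(text: str) -> list[str]:
    """Return the paths of .com files that shadow built-in console tools."""
    hits = []
    for line in text.splitlines():
        p = PureWindowsPath(line.strip())
        if p.suffix.lower() == ".com" and p.stem.lower() in SHADOWED_TOOLS:
            hits.append(str(p))
    return hits


if __name__ == "__main__":
    for reason, detail in triage_hijackthis(HIJACKTHIS_SAMPLE):
        print(f"{reason}: {detail}")
    for path in find_shadow_tools(COMBOFIX_DELETED_SAMPLE):
        print(f"shadowing .com tool: {path}")
```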
11 September 2007 19:54:23

Logfile of HijackThis v1.99.1
Scan saved at 19:40:44, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1179934414\ee\aolsoftware.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FC3F2B70-383D-4786-865A-B7589C073AB9} - C:\WINDOWS\system32\geeby.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{952EE0E4-8614-49FB-9D4B-FB6A484AE3AD}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: efccbyx - efccbyx.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: msadhu1 - msadhu1.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\AOLbox\Gateway\wlancfg.exe
11 Septembre 2007 22:06:23

re

before going on, I need another report.

Download LopResearch.zip
Unzip it to your Desktop only.
Open the LopResearch folder, then double-click Scan.bat.
A report will be generated; post its contents here.

11 Septembre 2007 22:25:11

Rapport fait à 22:21:45,23 le 11/09/2007

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 80E5-2144

Répertoire de C:\Documents and Settings\All Users\Application Data

11/09/2007 22:03 <REP> Kaspersky Lab
10/09/2007 20:05 <REP> Kaspersky Lab Setup Files
28/08/2007 23:58 <REP> city about store file
24/08/2007 15:17 <REP> Escape From Paradise
24/08/2007 15:16 <REP> TEMP
24/08/2007 13:24 <REP> SpieleEntwicklungsKombinat
22/08/2007 14:34 <REP> Messenger Plus!
12/08/2007 10:28 <REP> Adobe
10/08/2007 17:47 1356 QTSBandwidthCache
10/08/2007 10:41 <REP> BufferZone
07/07/2007 10:48 <REP> PC Suite
07/07/2007 10:45 <REP> Installations
17/06/2007 08:37 <REP> Google
13/06/2007 20:26 <REP> Mozilla
06/06/2007 19:50 <REP> Dumb Web Software Ante
27/05/2007 13:42 <REP> HP
27/05/2007 13:40 <REP> Sonic
27/05/2007 11:18 2966 hpzinstall.log
24/05/2007 09:08 <REP> Windows Live Toolbar
23/05/2007 20:29 481 Installer.log
23/05/2007 18:09 <REP> Windows Genuine Advantage
23/05/2007 16:47 <REP> Viewpoint
23/05/2007 16:44 <REP> AOL
18/05/2007 14:45 <REP> SmartSound Software Inc
18/05/2007 14:44 <REP> Apple Computer
18/05/2007 14:42 <REP> Pinnacle Studio
18/05/2007 14:39 <REP> Pinnacle
18/05/2007 13:31 62 desktop.ini
18/05/2007 13:31 <REP> ..
18/05/2007 13:31 <REP> Microsoft
18/05/2007 13:31 <REP> .
4 fichier(s) 4865 octets
27 Rép(s) 6851784704 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 80E5-2144

Répertoire de C:\Documents and Settings\Default User\Application Data

18/05/2007 13:31 62 desktop.ini
18/05/2007 13:31 <REP> ..
18/05/2007 13:31 <REP> Microsoft
18/05/2007 13:31 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 6851784704 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 80E5-2144

Répertoire de C:\Documents and Settings\utilisateur\Application Data

11/09/2007 00:37 <REP> True Sword
28/08/2007 20:04 <REP> WinRAR
28/08/2007 01:03 <REP> Jasc
24/08/2007 13:24 <REP> SpieleEntwicklungsKombinat
17/08/2007 16:04 <REP> fltk.org
12/08/2007 10:31 <REP> Leadertech
06/08/2007 17:38 <REP> vlc
02/08/2007 20:53 <REP> dvdcss
12/07/2007 13:24 <REP> Nokia Multimedia Player
09/07/2007 22:21 <REP> Sun
07/07/2007 10:59 10710 NMM-MetaData.db
07/07/2007 10:47 <REP> Nokia
07/07/2007 10:46 <REP> PC Suite
20/06/2007 09:09 <REP> Google
18/06/2007 20:06 <REP> Apple Computer
13/06/2007 20:26 <REP> Talkback
13/06/2007 20:26 <REP> Mozilla
13/06/2007 20:25 <REP> DivX
06/06/2007 19:49 <REP> teamdownloadmeta
01/06/2007 20:15 <REP> InstallShield
28/05/2007 00:26 2528 $_hpcst$.hpc
27/05/2007 11:18 <REP> HP
26/05/2007 23:06 <REP> Help
23/05/2007 17:55 <REP> LimeWire
23/05/2007 17:50 <REP> ItsLabel
23/05/2007 17:49 <REP> EoRezo
23/05/2007 17:03 <REP> Microsoft Web Folders
23/05/2007 16:50 <REP> Macromedia
23/05/2007 16:47 <REP> AOL
23/05/2007 16:47 <REP> You've Got Pictures Screensaver
23/05/2007 16:12 <REP> Pinnacle Systems
18/05/2007 12:10 <REP> Adobe
18/05/2007 12:10 <REP> InterTrust
18/05/2007 11:57 <REP> Identities
18/05/2007 11:56 62 desktop.ini
18/05/2007 11:56 <REP> ..
18/05/2007 11:56 <REP> .
18/05/2007 11:56 <REP> Microsoft
3 fichier(s) 13300 octets
35 Rép(s) 6851780608 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 80E5-2144

Répertoire de C:\WINDOWS\Tasks

28/08/2007 23:59 278 ADA934A0916AAAD8.job
24/05/2007 09:08 256 Vérifier les mises à jour de Windows Live Toolbar.job
18/05/2007 11:54 6 SA.DAT
18/05/2007 11:44 65 desktop.ini
18/05/2007 11:44 <REP> ..
18/05/2007 11:44 <REP> .
4 fichier(s) 605 octets
2 Rép(s) 6 851 780 608 octets libres

******************************************
Listing des dossiers dans C:\Program Files

7za.exe
8hands
Adobe
AdorageI-GfxDatas
AdorageI-SAL
Alwil Software
AOL
AOL 9.0
AOL Compagnon
AOL Toolbar
AOLbox
Ascaron Entertainment
Audacity
AviSynth 2.5
AW Europe
BitComet
BitTorrent Fastest Tool
Celestia
ComPlus Applications
DAEMON Tools
DIFX
DivX
Dynamic
EA SPORTS
e-anim701
Eidos Interactive
Electronic Arts
eMule
eoRezo
Eurobarre
Fichiers communs
Free Easy Burner
Gamenext
GameSpy Arcade
GEE
Google
Hewlett-Packard
HP
Internet Explorer
Inventel
Its Label
Jasc Software Inc
Java
Kaspersky Lab
KeePass Password Safe
Lavalys
Learn2.com
LimeWire
Logitech
MaCuisineLapeyre
Messenger
Messenger Plus! Live
MessengerPlus! 3
Micro Application
Microsoft .NET Compact Framework 1.0 SP2
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft SQL Server
Microsoft.NET
Movie Maker
Mozilla Firefox
MP3 Player Utilities 3.5.02
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Multi_Media_France
MultiMedia France Toolbar
NetMeeting
Nokia
Online Services
Online_TV
Outlook Express
PC Connectivity Solution
Picasa2
Pinnacle
Player Tool
proDAD
QuickTime
Real
Realtek
Red Kawa
Reference Assemblies
Replay Media Catcher
RM-X Player V4.2
Secured eMule
Secured_eMule
serial.dat
Services en ligne
Sierra On-Line
SmartSound Software
svchosts.tbe
teamdownloadmeta
TopDesk Trial
True Sword 4
Turn it off
Valve
VideoLAN
Viewpoint
WarRock
WIDCOMM
Windows Live
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
xerox
******************************************
Recherche des dossiers/fichiers LOP

C:\Program Files\Multi_Media_France Présent !
C:\WINDOWS\tasks\ADA934A0916AAAD8.job Présent !
******************************************
Recherche d'infections connues

Pas d'infection reconnue
******************************************
Vérification du fichier HOSTS

Fichier Hosts : Propre
*************** Fin du Rapport - Version 0.9 ****************
11 Septembre 2007 23:04:40

re

if I were you, I'd start by removing all your P2P programs, which are the source of your infection:
Secured_eMule
BitComet
LimeWire and company...

but then, you're going to tell me that everything you download is legal. :lol:

a bit of reading:
cracks/P2P

~Download OTMoveIt (by OldTimer). Save it to your Desktop.

~Run HijackThis, "Do a system scan only".
Check the following lines if they are still present, and only those.

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FC3F2B70-383D-4786-865A-B7589C073AB9} - C:\WINDOWS\system32\geeby.dll (file missing)
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: efccbyx - efccbyx.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: msadhu1 - msadhu1.dll (file missing)

Click Fix checked (bottom left)

~Select ALL of the following locations:

c:\windows\system32\mljggdc.dll
C:\Program Files\Multi_Media_France
C:\Program Files\eoRezo
C:\Documents and Settings\All Users\Application Data\city about store file
C:\Documents and Settings\utilisateur\Application Data\teamdownloadmeta
C:\WINDOWS\tasks\ADA934A0916AAAD8.job
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\svchosts.tbe
C:\Program Files\serial.dat
C:\Program Files\serial.tde
C:\Program Files\serial.zip

---> Right-click, then Copy (or Ctrl+C)
~Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane and choose Paste (or Ctrl+V).
~Now click MoveIt!

!! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES

~Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is its creation date.

+++++++++++++

~ Download Clean by Malekal
http://www.malekal.com/download/clean.zip

Save it to your desktop and unzip it
This will create a folder called clean.
Double-click this clean folder; you will find several files inside.
Double-click clean.cmd.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
Post the contents of the generated report.
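The lines the helper ticks in the post above share a few patterns: a populated O20 AppInit_DLLs entry, Winlogon Notify and BHO entries whose file is missing, and an O4 Run entry launched from the user's Application Data. As an added example (not part of this thread, nor code from HijackThis or OTMoveIt), here is a small Python triage script that applies those same rules to HijackThis log lines; the sample input is constructed from lines of the log posted above plus one clean WgaLogon line to show the rules do not flag everything.

```python
import re

# Constructed sample input: HijackThis lines copied from the log in this thread,
# plus one legitimate O20 line (WgaLogon) that must NOT be flagged.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: efccbyx - efccbyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Profile locations that legitimate autoruns rarely point into (8.3 short names included).
USER_DATA_DIRS = re.compile(r"(application data|applic~1|local settings\\temp|\\temp\\)", re.I)


def triage_line(line):
    """Return a reason string if a HijackThis line matches a triage rule, else None."""
    line = line.strip()
    if not line:
        return None
    # Any value in AppInit_DLLs gets loaded into every process that loads user32.dll.
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return "AppInit_DLLs set: DLL injected into every user32-loading process"
    # Winlogon Notify / BHO entries whose DLL is gone are leftovers worth removing.
    if line.startswith(("O20 - Winlogon Notify:", "O2 - BHO:")) and \
            ("(file missing)" in line or "(no file)" in line):
        return "orphaned entry: registry still references a missing file"
    # Run entries launched from a user data or temp directory are unusual for real software.
    if line.startswith("O4 - ") and USER_DATA_DIRS.search(line):
        return "autorun launched from a user data/temp directory"
    return None


def triage(log_text):
    """Return [(reason, line)] for every flagged line in a HijackThis log."""
    hits = []
    for line in log_text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((reason, line.strip()))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

The rules are a starting point for a manual review, not a verdict: an entry that is flagged still has to be checked against what is actually installed before it is fixed.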
26 Janvier 2008 11:08:41

Well, I think I have the same problem, except that in my case it blocks every antivirus I try to install.
Apart from one detail: this virus slows me down by constantly launching the same program... namely Pando... So by killing it each time through the task manager, well, I manage to block it and browse....
So please, Xzibit, PIMP MY RIDE... No, I'm joking... but seriously, I'm starting to lose it.