[Résolu] Analyse rapport HJT

[vincent_57]

Bonjour,

 

Voici mon rapport HJT aprés avoir passé antivir en mode sans echec.

 

Merci de votre aide.

 

Rapport HJT :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:43:58, on 03/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\WINDOWS\Twain_32\HiCam USB 2.0 PCam S\SnapTrap.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\documents and settings\tousch\local settings\application data\ghabdbd.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\verf.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbinj.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbinj.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

C:\WINDOWS\system32\cidaemon.exe

F:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: (no name) - {024CB2A5-DC8F-40E7-893E-9268A235E2B6} - C:\WINDOWS\System32\qosname32.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sTICAP] C:\WINDOWS\Twain_32\HiCam USB 2.0 PCam S\SnapTrap.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Debug Cdrom.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ghabdbd] "c:\documents and settings\tousch\local settings\application data\ghabdbd.exe" ghabdbd

O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\tousch\APPLIC~1\ELSEPL~1\AXISNEW.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: verf.exe

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\System32\ncxpnt32.dll

O20 - Winlogon Notify: 320d180e689 - C:\WINDOWS\System32\ncxpnt32.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Host Service (PbManager) - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbmgr.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 11599 bytes

 

 

 

Merci de votre aide.

Amicalement,

Vincent

Modifié le 6 novembre 2009 par vincent_57

[Apollo]

Bonjour,

 

Et antivir n'a pas donné de rapport? C'aurait été intéressant de le visionner.

 

1) Télécharge Navilog1 (par IL-MAFIOSO) Enregistre-le sur ton bureau.

 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

 

Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, double-clique sur le raccourci Navilog1 présent sur le bureau.

 

Laisse-toi guider. Appuie sur une touche quand on te le demande.

Au menu principal, choisis 1 et valide.

 

< Ne fais pas le choix 2 >

 

Patiente le temps du scan. Il te sera peut-être demandé de redémarrer ton PC.

Laisse l'outil le faire automatiquement, sinon redémarre ton PC normalement s'il te le demande.

 

Patiente jusqu'au message "Scan terminé le......"

Appuie sur une touche comme demandé ; le bloc-notes va s'ouvrir.

Copie-colle l'intégralité dans ta réponse. Referme le bloc-notes.

 

PS : le rapport est aussi sauvegardé à la racine du disque dur C:\cleannavi.txt

 

-----------------------

2) Télécharge Lop S&D.exe sur ton Bureau.

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Ou: http://eric71.geekstogo.com/tools/LopSD.exe

 

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

Sous Vista: Clic droit/exécuter en temps qu'administrateur ***

 

Sélectionne la langue souhaitée , puis choisis l'option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

--------------------------------------------

 

3) Relance Lop S&D

 

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

J'attends donc trois rapports stp.

Merci.

@++

[vincent_57]

Re, merci pour ta reponse rapide.

 

Dsl antivir ne ma pas donner de rapport.

 

voici maintenant comme tu me l'avais demander les 3 rapports.

 

 

------------------------------------------

Rapport Navilog1:

------------------------------------------

Fix Navipromo version 4.0.4 commencé le 03/11/2009 16:44:41,09

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

 

Outil exécuté depuis C:\Program Files\navilog1

 

Mise à jour le 02.11.2009 à 22h00 par IL-MAFIOSO

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : tousch ( Administrator )

BOOT : Normal boot

 

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

Firewall : Bitdefender Firewall 8.0 (Not Activated)

 

C:\ (Local Disk) - FAT32 - Total:44 Go (Free:20 Go)

D:\ (Local Disk) - FAT32 - Total:44 Go (Free:44 Go)

E:\ (CD or DVD)

F:\ (USB) - FAT32 - Total:1963 Mo (Free:1 Go)

 

 

Recherche executée en mode normal

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

C:\WINDOWS\prefetch\ghabdbd*.pf supprimé !

c:\docume~1\tousch\locals~1\applic~1\ghabdbd.exe supprimé !

c:\docume~1\tousch\locals~1\applic~1\ghabdbd.dat supprimé !

c:\docume~1\tousch\locals~1\applic~1\ghabdbd_navps.dat supprimé !

c:\docume~1\tousch\locals~1\applic~1\ghabdbd_nav.dat supprimé !

 

 

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\tousch\locals~1\Temp effectué !

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

C:\WINDOWS\Tasks\AEE3ED2591889FE9.job trouvé ! Infection Lop possible non traitée par cet outil !

 

 

*** Scan terminé 03/11/2009 16:50:39,20 ***

 

 

------------------------------------------

Raport Lop S&D / Option 1 Recherche:

------------------------------------------

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : tousch ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

Firewall : Bitdefender Firewall 8.0 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:44 Go (Free:21 Go)

D:\ (Local Disk) - FAT32 - Total:44 Go (Free:44 Go)

E:\ (CD or DVD)

F:\ (USB) - FAT32 - Total:1963 Mo (Free:1 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 03/11/2009|16:52 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[06/01/2006|06:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[06/01/2006|06:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[18/08/2006|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer

[06/01/2006|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[02/11/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[24/12/2006|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

[06/01/2006|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[03/09/2009|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

[28/08/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[28/08/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant

[03/03/2009|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM

[03/03/2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail

[18/08/2006|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel

[02/11/2009|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[03/12/2007|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

[08/09/2006|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[06/01/2006|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[03/09/2009|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG

[27/08/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[21/11/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[06/01/2006|06:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[06/01/2006|06:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[18/08/2006|02:51] C:\DOCUME~1\tousch\APPLIC~1\Acer

[26/08/2006|00:45] C:\DOCUME~1\tousch\APPLIC~1\Adobe

[12/11/2006|14:05] C:\DOCUME~1\tousch\APPLIC~1\AdobeUM

[03/09/2006|20:33] C:\DOCUME~1\tousch\APPLIC~1\Ahead

[24/12/2006|18:34] C:\DOCUME~1\tousch\APPLIC~1\Bitdefender

[18/08/2006|17:28] C:\DOCUME~1\tousch\APPLIC~1\CyberLink

[03/12/2007|22:20] C:\DOCUME~1\tousch\APPLIC~1\Else plus

[17/12/2008|14:35] C:\DOCUME~1\tousch\APPLIC~1\EoRezo

[21/08/2006|21:16] C:\DOCUME~1\tousch\APPLIC~1\Help

[03/09/2009|11:58] C:\DOCUME~1\tousch\APPLIC~1\HP

[23/01/2009|15:15] C:\DOCUME~1\tousch\APPLIC~1\Icone

[06/01/2006|06:36] C:\DOCUME~1\tousch\APPLIC~1\Identities

[20/12/2008|16:57] C:\DOCUME~1\tousch\APPLIC~1\InstallShield

[20/12/2008|16:59] C:\DOCUME~1\tousch\APPLIC~1\LG Electronics

[20/12/2008|17:10] C:\DOCUME~1\tousch\APPLIC~1\LGSync

[18/08/2006|02:44] C:\DOCUME~1\tousch\APPLIC~1\Macromedia

[06/01/2006|06:25] C:\DOCUME~1\tousch\APPLIC~1\Microsoft

[17/12/2008|14:38] C:\DOCUME~1\tousch\APPLIC~1\Mozilla

[17/12/2008|14:38] C:\DOCUME~1\tousch\APPLIC~1\SecondLife

[04/06/2009|14:38] C:\DOCUME~1\tousch\APPLIC~1\SecuROM

[21/08/2006|21:47] C:\DOCUME~1\tousch\APPLIC~1\Sun

 

[06/01/2006|06:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[06/01/2006|06:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[03/11/2009 14:29][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[03/11/2009 01:00][--ah-----] C:\WINDOWS\tasks\AEE3ED2591889FE9.job

[03/11/2009 16:49][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( AEE3ED2591889FE9.job )=( c:\docume~1\tousch\applic~1\elsepl~1\Thunkdeafgreat.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[06/01/2006|06:52] C:\Program Files\Acer

[06/01/2006|06:50] C:\Program Files\Acer Inc

[06/01/2006|06:51] C:\Program Files\Adobe

[03/12/2007|22:20] C:\Program Files\Adverts

[02/11/2009|17:49] C:\Program Files\Avira

[02/11/2009|23:10] C:\Program Files\CCleaner

[06/01/2006|06:29] C:\Program Files\ComPlus Applications

[06/01/2006|06:42] C:\Program Files\CONEXANT

[06/01/2006|06:53] C:\Program Files\CyberLink

[08/12/2006|20:06] C:\Program Files\eMule

[06/01/2006|06:25] C:\Program Files\Fichiers communs

[28/08/2009|12:17] C:\Program Files\Hewlett-Packard

[28/08/2009|12:16] C:\Program Files\HP

[06/01/2006|06:37] C:\Program Files\InstallShield Installation Information

[06/01/2006|06:37] C:\Program Files\Intel

[06/01/2006|06:29] C:\Program Files\Internet Explorer

[21/08/2006|21:45] C:\Program Files\Java

[18/08/2006|02:46] C:\Program Files\Launch Manager

[20/12/2008|17:00] C:\Program Files\LG Electronics

[20/12/2008|16:58] C:\Program Files\LGE GSM PC Sync

[21/08/2006|21:32] C:\Program Files\LimeWire

[06/01/2006|06:29] C:\Program Files\Messenger

[08/09/2006|12:21] C:\Program Files\MessengerPlus! 3

[29/05/2009|17:03] C:\Program Files\Microsoft

[06/01/2006|06:31] C:\Program Files\microsoft frontpage

[25/01/2007|21:19] C:\Program Files\Microsoft Games

[12/11/2006|11:37] C:\Program Files\Microsoft Office

[29/05/2009|17:11] C:\Program Files\Microsoft Silverlight

[29/05/2009|17:05] C:\Program Files\Microsoft SQL Server Compact Edition

[29/05/2009|17:06] C:\Program Files\Microsoft Sync Framework

[06/01/2006|06:29] C:\Program Files\Movie Maker

[22/02/2009|19:04] C:\Program Files\Mozilla Firefox

[07/08/2009|03:09] C:\Program Files\MSBuild

[06/01/2006|06:28] C:\Program Files\MSN

[06/01/2006|06:29] C:\Program Files\MSN Gaming Zone

[17/08/2006|21:33] C:\Program Files\MSN Messenger

[24/11/2006|15:40] C:\Program Files\MSXML 4.0

[07/08/2009|03:02] C:\Program Files\MSXML 6.0

[03/11/2009|16:44] C:\Program Files\Navilog1

[03/09/2006|20:30] C:\Program Files\Nero

[06/01/2006|06:29] C:\Program Files\NetMeeting

[06/01/2006|06:58] C:\Program Files\NewTech Infosystems

[06/01/2006|06:29] C:\Program Files\Online Services

[24/11/2008|19:25] C:\Program Files\OrangeHSS

[06/01/2006|06:29] C:\Program Files\Outlook Express

[17/02/2009|11:43] C:\Program Files\PhotoFiltre

[06/01/2006|06:42] C:\Program Files\Realtek

[07/08/2009|03:09] C:\Program Files\Reference Assemblies

[20/02/2007|10:53] C:\Program Files\Samsung

[18/08/2006|04:03] C:\Program Files\Securitoo

[06/01/2006|06:30] C:\Program Files\Services en ligne

[24/12/2006|18:22] C:\Program Files\Softwin

[06/01/2006|06:48] C:\Program Files\Synaptics

[04/06/2009|14:25] C:\Program Files\UbiSoft

[06/01/2006|06:36] C:\Program Files\Uninstall Information

[17/08/2006|21:13] C:\Program Files\Wanadoo

[21/11/2007|18:10] C:\Program Files\Windows Live

[29/05/2009|17:03] C:\Program Files\Windows Live SkyDrive

[06/01/2006|06:29] C:\Program Files\Windows Media Player

[06/01/2006|06:28] C:\Program Files\Windows NT

[06/01/2006|06:30] C:\Program Files\WindowsUpdate

[18/08/2006|02:48] C:\Program Files\WinPCap

[18/08/2006|03:40] C:\Program Files\WinRAR

[06/01/2006|06:31] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[06/01/2006|06:51] C:\Program Files\Fichiers communs\Adobe

[03/09/2006|20:30] C:\Program Files\Fichiers communs\Ahead

[21/11/2007|17:03] C:\Program Files\Fichiers communs\Carlson

[12/11/2006|11:38] C:\Program Files\Fichiers communs\Designer

[24/11/2008|19:20] C:\Program Files\Fichiers communs\France Telecom

[28/08/2009|12:17] C:\Program Files\Fichiers communs\Hewlett-Packard

[28/08/2009|12:17] C:\Program Files\Fichiers communs\HP

[06/01/2006|06:37] C:\Program Files\Fichiers communs\InstallShield

[21/08/2006|21:39] C:\Program Files\Fichiers communs\Java

[02/08/2007|13:04] C:\Program Files\Fichiers communs\logishrd

[06/01/2006|06:25] C:\Program Files\Fichiers communs\Microsoft Shared

[06/01/2006|06:30] C:\Program Files\Fichiers communs\MSSoap

[06/01/2006|06:58] C:\Program Files\Fichiers communs\muvee Technologies

[06/01/2006|06:58] C:\Program Files\Fichiers communs\NewTech Infosystems

[06/01/2006|06:25] C:\Program Files\Fichiers communs\ODBC

[06/01/2006|06:30] C:\Program Files\Fichiers communs\Services

[24/12/2006|18:21] C:\Program Files\Fichiers communs\Softwin

[06/01/2006|06:25] C:\Program Files\Fichiers communs\SpeechEngines

[06/01/2006|06:29] C:\Program Files\Fichiers communs\System

[29/05/2009|16:56] C:\Program Files\Fichiers communs\Windows Live

[21/11/2007|18:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 62 Processes )

 

IEXPLORE.EXE ~ [PID:704]

IEXPLORE.EXE ~ [PID:2268]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\AXISNEW.exe

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\JoyPokeForkBlue.exe

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\Thunkdeafgreat.exe

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\harpkabe.exe

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\ntuimhms.exe

C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\ewsywtjf.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Debug Cdrom.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Debug Cdrom.dat

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\AXISNEW.exe

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\JoyPokeForkBlue.exe

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\Thunkdeafgreat.exe

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\harpkabe.exe

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\ntuimhms.exe

C:\DOCUME~1\tousch\APPLIC~1\elsepl~1\ewsywtjf.exe

C:\Program Files\Adverts

C:\DOCUME~1\tousch\Cookies\tousch@d2.advertserve[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@www.adserver5[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@advertising[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@advertising[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@advertising[3].txt

C:\DOCUME~1\tousch\Cookies\tousch@booking.db.advertising[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@fr.seafight.bigpoint[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@fr.deepolis.bigpoint[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@thepimps.bigpoint[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@serve.cotedazurpalace[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@fr.pacificpoker[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@partypoker[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@partypoker[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@fr.seafight.bigpoint[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@www.32vegas[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@cc.2xmoinscher[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@888[1].txt

C:\WINDOWS\Tasks\AEE3ED2591889FE9.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"book ante"="C:\\DOCUME~1\\tousch\\APPLIC~1\\ELSEPL~1\\AXISNEW.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ROAD ITCH AMOK PING"="C:\\Documents and Settings\\All Users\\Application Data\\Long slow road itch\\Debug Cdrom.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

-> 72 [ 70 ## added by CiD ]

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 16:57:34

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:17][D:1]-> C:\DOCUME~1\tousch\LOCALS~1\Temp

[F:2306][D:0]-> C:\DOCUME~1\tousch\Cookies

[F:6][D:4]-> C:\DOCUME~1\tousch\LOCALS~1\TEMPOR~1\content.IE5

[F:20][D:4]-> C:\Recycled

 

1 - "C:\Lop SD\LopR_1.txt" - 03/11/2009|17:01 - Option : [1]

 

--------------------\\ Fin du rapport a 17:01:19

 

 

 

------------------------------------------

Raport Lop S&D / Option 2 suppression:

------------------------------------------

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : tousch ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

Firewall : Bitdefender Firewall 8.0 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:44 Go (Free:21 Go)

D:\ (Local Disk) - FAT32 - Total:44 Go (Free:44 Go)

E:\ (CD or DVD)

F:\ (USB) - FAT32 - Total:1963 Mo (Free:1 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 03/11/2009|17:02 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\AXISNEW.exe

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\JoyPokeForkBlue.exe

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\Thunkdeafgreat.exe

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\harpkabe.exe

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\ntuimhms.exe

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS\ewsywtjf.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Debug Cdrom.exe

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Debug Cdrom.dat

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@d2.advertserve[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@www.adserver5[2].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@advertising[2].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@advertising[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@advertising[3].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@booking.db.advertising[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@fr.seafight.bigpoint[2].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@fr.deepolis.bigpoint[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@thepimps.bigpoint[2].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@serve.cotedazurpalace[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@fr.pacificpoker[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@partypoker[2].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@partypoker[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@www.32vegas[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@cc.2xmoinscher[1].txt

Supprime! - C:\DOCUME~1\tousch\Cookies\tousch@888[1].txt

Supprime! - C:\WINDOWS\Tasks\AEE3ED2591889FE9.job

Supprime! - C:\DOCUME~1\tousch\APPLIC~1\ELSE PLUS

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch

Supprime! - C:\Program Files\Adverts

-

[ Fichier Hosts ] .. Restaure!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[06/01/2006|06:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[06/01/2006|06:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[18/08/2006|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer

[06/01/2006|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[02/11/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[24/12/2006|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

[06/01/2006|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[03/09/2009|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard

[28/08/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[28/08/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant

[03/03/2009|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM

[03/03/2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail

[18/08/2006|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel

[02/11/2009|22:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[08/09/2006|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[06/01/2006|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[03/09/2009|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG

[27/08/2006|21:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[21/11/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[06/01/2006|06:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[06/01/2006|06:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[18/08/2006|02:51] C:\DOCUME~1\tousch\APPLIC~1\Acer

[26/08/2006|00:45] C:\DOCUME~1\tousch\APPLIC~1\Adobe

[12/11/2006|14:05] C:\DOCUME~1\tousch\APPLIC~1\AdobeUM

[03/09/2006|20:33] C:\DOCUME~1\tousch\APPLIC~1\Ahead

[24/12/2006|18:34] C:\DOCUME~1\tousch\APPLIC~1\Bitdefender

[18/08/2006|17:28] C:\DOCUME~1\tousch\APPLIC~1\CyberLink

[17/12/2008|14:35] C:\DOCUME~1\tousch\APPLIC~1\EoRezo

[21/08/2006|21:16] C:\DOCUME~1\tousch\APPLIC~1\Help

[03/09/2009|11:58] C:\DOCUME~1\tousch\APPLIC~1\HP

[23/01/2009|15:15] C:\DOCUME~1\tousch\APPLIC~1\Icone

[06/01/2006|06:36] C:\DOCUME~1\tousch\APPLIC~1\Identities

[20/12/2008|16:57] C:\DOCUME~1\tousch\APPLIC~1\InstallShield

[20/12/2008|16:59] C:\DOCUME~1\tousch\APPLIC~1\LG Electronics

[20/12/2008|17:10] C:\DOCUME~1\tousch\APPLIC~1\LGSync

[18/08/2006|02:44] C:\DOCUME~1\tousch\APPLIC~1\Macromedia

[06/01/2006|06:25] C:\DOCUME~1\tousch\APPLIC~1\Microsoft

[17/12/2008|14:38] C:\DOCUME~1\tousch\APPLIC~1\Mozilla

[17/12/2008|14:38] C:\DOCUME~1\tousch\APPLIC~1\SecondLife

[04/06/2009|14:38] C:\DOCUME~1\tousch\APPLIC~1\SecuROM

[21/08/2006|21:47] C:\DOCUME~1\tousch\APPLIC~1\Sun

 

[06/01/2006|06:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[06/01/2006|06:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[03/11/2009 14:29][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[03/11/2009 16:49][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[06/01/2006|06:52] C:\Program Files\Acer

[06/01/2006|06:50] C:\Program Files\Acer Inc

[06/01/2006|06:51] C:\Program Files\Adobe

[02/11/2009|17:49] C:\Program Files\Avira

[02/11/2009|23:10] C:\Program Files\CCleaner

[06/01/2006|06:29] C:\Program Files\ComPlus Applications

[06/01/2006|06:42] C:\Program Files\CONEXANT

[06/01/2006|06:53] C:\Program Files\CyberLink

[08/12/2006|20:06] C:\Program Files\eMule

[06/01/2006|06:25] C:\Program Files\Fichiers communs

[28/08/2009|12:17] C:\Program Files\Hewlett-Packard

[28/08/2009|12:16] C:\Program Files\HP

[06/01/2006|06:37] C:\Program Files\InstallShield Installation Information

[06/01/2006|06:37] C:\Program Files\Intel

[06/01/2006|06:29] C:\Program Files\Internet Explorer

[21/08/2006|21:45] C:\Program Files\Java

[18/08/2006|02:46] C:\Program Files\Launch Manager

[20/12/2008|17:00] C:\Program Files\LG Electronics

[20/12/2008|16:58] C:\Program Files\LGE GSM PC Sync

[21/08/2006|21:32] C:\Program Files\LimeWire

[06/01/2006|06:29] C:\Program Files\Messenger

[08/09/2006|12:21] C:\Program Files\MessengerPlus! 3

[29/05/2009|17:03] C:\Program Files\Microsoft

[06/01/2006|06:31] C:\Program Files\microsoft frontpage

[25/01/2007|21:19] C:\Program Files\Microsoft Games

[12/11/2006|11:37] C:\Program Files\Microsoft Office

[29/05/2009|17:11] C:\Program Files\Microsoft Silverlight

[29/05/2009|17:05] C:\Program Files\Microsoft SQL Server Compact Edition

[29/05/2009|17:06] C:\Program Files\Microsoft Sync Framework

[06/01/2006|06:29] C:\Program Files\Movie Maker

[22/02/2009|19:04] C:\Program Files\Mozilla Firefox

[07/08/2009|03:09] C:\Program Files\MSBuild

[06/01/2006|06:28] C:\Program Files\MSN

[06/01/2006|06:29] C:\Program Files\MSN Gaming Zone

[17/08/2006|21:33] C:\Program Files\MSN Messenger

[24/11/2006|15:40] C:\Program Files\MSXML 4.0

[07/08/2009|03:02] C:\Program Files\MSXML 6.0

[03/11/2009|16:44] C:\Program Files\Navilog1

[03/09/2006|20:30] C:\Program Files\Nero

[06/01/2006|06:29] C:\Program Files\NetMeeting

[06/01/2006|06:58] C:\Program Files\NewTech Infosystems

[06/01/2006|06:29] C:\Program Files\Online Services

[24/11/2008|19:25] C:\Program Files\OrangeHSS

[06/01/2006|06:29] C:\Program Files\Outlook Express

[17/02/2009|11:43] C:\Program Files\PhotoFiltre

[06/01/2006|06:42] C:\Program Files\Realtek

[07/08/2009|03:09] C:\Program Files\Reference Assemblies

[20/02/2007|10:53] C:\Program Files\Samsung

[18/08/2006|04:03] C:\Program Files\Securitoo

[06/01/2006|06:30] C:\Program Files\Services en ligne

[24/12/2006|18:22] C:\Program Files\Softwin

[06/01/2006|06:48] C:\Program Files\Synaptics

[04/06/2009|14:25] C:\Program Files\UbiSoft

[06/01/2006|06:36] C:\Program Files\Uninstall Information

[17/08/2006|21:13] C:\Program Files\Wanadoo

[21/11/2007|18:10] C:\Program Files\Windows Live

[29/05/2009|17:03] C:\Program Files\Windows Live SkyDrive

[06/01/2006|06:29] C:\Program Files\Windows Media Player

[06/01/2006|06:28] C:\Program Files\Windows NT

[06/01/2006|06:30] C:\Program Files\WindowsUpdate

[18/08/2006|02:48] C:\Program Files\WinPCap

[18/08/2006|03:40] C:\Program Files\WinRAR

[06/01/2006|06:31] C:\Program Files\xerox

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[06/01/2006|06:51] C:\Program Files\Fichiers communs\Adobe

[03/09/2006|20:30] C:\Program Files\Fichiers communs\Ahead

[21/11/2007|17:03] C:\Program Files\Fichiers communs\Carlson

[12/11/2006|11:38] C:\Program Files\Fichiers communs\Designer

[24/11/2008|19:20] C:\Program Files\Fichiers communs\France Telecom

[28/08/2009|12:17] C:\Program Files\Fichiers communs\Hewlett-Packard

[28/08/2009|12:17] C:\Program Files\Fichiers communs\HP

[06/01/2006|06:37] C:\Program Files\Fichiers communs\InstallShield

[21/08/2006|21:39] C:\Program Files\Fichiers communs\Java

[02/08/2007|13:04] C:\Program Files\Fichiers communs\logishrd

[06/01/2006|06:25] C:\Program Files\Fichiers communs\Microsoft Shared

[06/01/2006|06:30] C:\Program Files\Fichiers communs\MSSoap

[06/01/2006|06:58] C:\Program Files\Fichiers communs\muvee Technologies

[06/01/2006|06:58] C:\Program Files\Fichiers communs\NewTech Infosystems

[06/01/2006|06:25] C:\Program Files\Fichiers communs\ODBC

[06/01/2006|06:30] C:\Program Files\Fichiers communs\Services

[24/12/2006|18:21] C:\Program Files\Fichiers communs\Softwin

[06/01/2006|06:25] C:\Program Files\Fichiers communs\SpeechEngines

[06/01/2006|06:29] C:\Program Files\Fichiers communs\System

[29/05/2009|16:56] C:\Program Files\Fichiers communs\Windows Live

[21/11/2007|18:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller

 

--------------------\\ Process

 

( 62 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 17:07:35

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:17][D:1]-> C:\DOCUME~1\tousch\LOCALS~1\Temp

[F:2290][D:0]-> C:\DOCUME~1\tousch\Cookies

[F:6][D:4]-> C:\DOCUME~1\tousch\LOCALS~1\TEMPOR~1\content.IE5

[F:20][D:4]-> C:\Recycled

 

1 - "C:\Lop SD\LopR_1.txt" - 03/11/2009|17:01 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 03/11/2009|17:09 - Option : [2]

 

--------------------\\ Fin du rapport a 17:09:16

 

 

 

Merci d'avance,

Amicalement,

Vincent

[Apollo]

Re,

 

Bien! Deux de moins

 

Pour Lop, refuse par exemple, d'installer le "sponsor" de Live Messenger Plus! (c'est lop)

 

Pour éviter les infections Navipromo:

 

 

Ne jamais (ré)installer :

# Live-Player (live-player.com)

# Go-astro

# GoRecord

# HotTVPlayer

# MailSkinner

# Messenger Skinner

# Instant Access

# InternetGameBox

# Sudoplanet

# games-desktop.com

# WebMediaplayer sauf celui du créateur Florian Delaunay -> http://www.azertysite.new.fr/

etc...

 

*** Télécharge Ad-Remover de C-XX et Enregistre-le sur le bureau.

 

Ou ici: http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

 

Ferme toutes les applications ouvertes pour l'installer.

 

Sous Vista: Désactiver provisoirement l'UAC comme expliqué ICI

 

Double-clique (Clic droit/exécuter comme administrateur pour Vista) sur l'icône placée sur le bureau.

 

Si le firewall se manifeste, accorde les autorisations à l'outil pour qu'il puisse travailler.

 

TUTO: http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

 

Tape L (Nettoyer) Valide par la touche Enter.

 

Le bureau va disparaitre, c'est normal!

 

Appuyer sur n'importe quelle touche lorsque cela sera demandé et le rapport apparaitra.

 

Le rapport se trouve aussi sous C:\Ad-Report Clean.

Copie/colle-le dans ta réponse stp.

 

Réactiver l'UAC de Vista. (Si Vista bien sûr!).

 

La page d'accueil sera peut-être changée; il suffit de remettre sa page habituelle via les options internet.

 

NB: Désinstalle Ad-Remover en le lançant puis en tapant D , et valider par la touche Enter.

 

@++

[vincent_57]

Voici le Rapport de AD-Remover.

 

.

======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======

.

Mit à jour par C_XX le 18.10.2009 à 19:05

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 17:26:41, 03/11/2009 | Mode Normal | Option: CLEAN

Exécuté de: C:\Program Files\Ad-Remover\

Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600

Nom du PC: ELODIE | Utilisateur actuel: tousch

.

============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

.

 

HKCU\Software\EoRezo

HKLM\Software\EoRezo

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine

.

C:\DOCUME~1\tousch\APPLIC~1\EoRezo

C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-0111B57E.pf

C:\DOCUME~1\tousch\Cookies\tousch@simyo[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@dl.eorezo[1].txt

C:\DOCUME~1\tousch\Cookies\tousch@eurobarre[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@rotator.adjuggler[2].txt

C:\DOCUME~1\tousch\Cookies\tousch@kiwee[1].txt

 

(!) -- Fichiers temporaires supprimés.

 

.

============== Scan additionnel ==============

.

.

* Mozilla FireFox Version 2.0.0.20 [fr] *

.

Nom du profil: 56p7mnie.default (tousch)

.

(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");

(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");

(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");

(Prefs.js) user_pref("browser.startup.homepage", "hxxp://go.microsoft.com/fwlink/?LinkId=69157");

(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20");

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Start Page: hxxp://fr.msn.com/

Start Page Redirect Cache_TIMESTAMP: NARY 6cdc7a69a43aca01

Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp

Start Page Redirect Cache AcceptLangs: fr

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

2802 Octet(s) - C:\Ad-Report-CLEAN[1].log

.

0 Fichier(s) - C:\DOCUME~1\tousch\LOCALS~1\Temp

3 Fichier(s) - C:\WINDOWS\Temp

.

18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP

41 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE

.

Fin à: 17:51:33 | 03/11/2009 - CLEAN[1]

.

============== E.O.F ==============

.

 

 

Merci,

Vincent

[Apollo]

Re

 

Mozilla FireFox Version 2.0.0.20 [fr]

 

Mets le navigateur à jour

 

http://www.mozilla-europe.org/fr/firefox/

 

-----------------

Pour désinstaller Ad-Remover, lance-le et tape D et valide par Ok.

 

-------------------------------

Télécharger ATF Cleaner par Atribune.

• Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)
   
  Double-clique ATF-Cleaner.exe afin de lancer le programme.
  --> Sous Vista: Clic droit/exécuter en temps qu'administrateur.
   
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

---------------------------------

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à redémarrer le pc, fais-le.

 

!!! Ne pas vider la quarantaine de MBAM sans avis !!!

 

Poste également un nouveau log Hijackthis stp.

 

@+tard

[vincent_57]

Re bonsoir,

--------------------------

Voici le Rapport MBAM

--------------------------

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3030

Windows 5.1.2600 Service Pack 2

 

03/11/2009 21:23:54

mbam-log-2009-11-03 (21-23-54).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 168406

Temps écoulé: 28 minute(s), 58 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 36

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\qosname32.dll (Trojan.Dropper) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{024cb2a5-dc8f-40e7-893e-9268a235e2b6} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{024cb2a5-dc8f-40e7-893e-9268a235e2b6} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{024cb2a5-dc8f-40e7-893e-9268a235e2b6} (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\Fichiers communs\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\qosname32.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\system32\kbdusl32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FE.tmp (Worm.P2P) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jsfr32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ntlanui32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winstrm32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\72.tmp (Worm.P2P) -> Quarantined and deleted successfully.

C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\tousch\APPLIC~1\EOREZO\SOFTWA~1\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\tousch\APPLIC~1\EOREZO\SOFTWA~1\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP492\A0044771.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP492\A0044772.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP492\A0044773.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP493\A0046907.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP496\A0050923.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP496\A0050930.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP496\A0050950.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP496\A0051205.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP496\A0051206.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.

C:\Documents and Settings\tousch\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Démarrer\carlton (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

 

--------------------------

Et le nouveau de HJT

--------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31:56, on 03/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Acer\Empowering Technology\admServ.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

C:\WINDOWS\Twain_32\HiCam USB 2.0 PCam S\SnapTrap.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\verf.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbinj.exe

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbinj.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe

F:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sTICAP] C:\WINDOWS\Twain_32\HiCam USB 2.0 PCam S\SnapTrap.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: verf.exe

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O20 - AppInit_DLLs: sockspy.dll,C:\WINDOWS\System32\ncxpnt32.dll

O20 - Winlogon Notify: 320d180e689 - C:\WINDOWS\System32\ncxpnt32.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Host Service (PbManager) - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbmgr.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 11009 bytes

 

 

 

Merci,

Vincent

Modifié le 3 novembre 2009 par vincent_57

[Apollo]

Bonjour Vincent,

 

Je voudrais que tu fasses analyser deux fichiers stp.

 

Rends toi sur ce lien : Virus Total

• Clique sur le bouton Parcourir...
  
• Parcours tes dossiers jusque à ce fichier, si tu le trouves :
  

• C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\verf.exe
  

• Clique sur Envoyer le fichier, et si VirusTotal dit que le fichier a déjà été analysé, clique sur le bouton Reanalyse le fichier maintenant.
  
• Laisse le site travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  
• Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. Dans ce cas, il te faudra patienter sans réactualiser la page.
  
• Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté (en haut à gauche)
  
• Une nouvelle fenêtre de ton navigateur va apparaître
  
• Clique alors sur cette image :
  
• Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  
• Enfin colle le résultat dans ta prochaine réponse.
  NB : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
  

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, auquel cas il faudra leur faire ignorer les alertes.

 

*** Fais-en de même avec celui-ci: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\mspbinj.exe

 

Il faudra que tu découvres les fichiers et dossiers cachés pour le faire >>

 

Afficher les dossiers/fichiers cachés sous XP

 

@+tard

[vincent_57]

Bonjour,

 

Voici le premier Log avec le fichier Verf.exe :

 

 

 

Fichier verf.exe reçu le 2009.11.04 13:38:11 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.41 2009.11.04 -

AhnLab-V3 5.0.0.2 2009.11.04 -

AntiVir 7.9.1.53 2009.11.04 TR/Agent.123392.8

Antiy-AVL 2.0.3.7 2009.11.04 -

Authentium 5.2.0.5 2009.11.04 -

Avast 4.8.1351.0 2009.11.03 -

AVG 8.5.0.423 2009.11.04 -

BitDefender 7.2 2009.11.04 DeepScan:Generic.Malware.FP!.5630959D

CAT-QuickHeal 10.00 2009.11.04 -

ClamAV 0.94.1 2009.11.04 -

Comodo 2836 2009.11.04 -

DrWeb 5.0.0.12182 2009.11.04 Trojan.Spambot.4653

eSafe 7.0.17.0 2009.11.03 Suspicious File

eTrust-Vet 35.1.7101 2009.11.04 -

F-Prot 4.5.1.85 2009.11.04 -

F-Secure 9.0.15370.0 2009.11.04 Trojan:W32/Agent.MGM

Fortinet 3.120.0.0 2009.11.04 -

GData 19 2009.11.04 DeepScan:Generic.Malware.FP!.5630959D

Ikarus T3.1.1.74.0 2009.11.04 -

Jiangmin 11.0.800 2009.11.04 -

K7AntiVirus 7.10.887 2009.11.03 -

Kaspersky 7.0.0.125 2009.11.04 -

McAfee 5791 2009.11.03 -

McAfee+Artemis 5791 2009.11.03 -

McAfee-GW-Edition 6.8.5 2009.11.04 Heuristic.BehavesLike.Win32.ModifiedUPX.B!92

Microsoft 1.5202 2009.11.04 -

NOD32 4572 2009.11.04 -

Norman 6.03.02 2009.11.04 W32/Agent.SDOF

nProtect 2009.1.8.0 2009.11.04 -

Panda 10.0.2.2 2009.11.03 Trj/CI.A

PCTools 7.0.3.5 2009.11.04 -

Prevx 3.0 2009.11.04 -

Rising 21.54.24.00 2009.11.04 -

Sophos 4.47.0 2009.11.04 -

Sunbelt 3.2.1858.2 2009.11.04 -

Symantec 1.4.4.12 2009.11.04 -

TheHacker 6.5.0.2.060 2009.11.04 -

TrendMicro 9.0.0.1003 2009.11.04 PAK_Generic.001

VBA32 3.12.10.11 2009.11.03 -

ViRobot 2009.11.4.2021 2009.11.04 -

VirusBuster 4.6.5.0 2009.11.03 -

Information additionnelle

File size: 123392 bytes

MD5   : 641cafd130ab7fcb585e6857c056064c

SHA1  : 3e2164dcf0c8e299a93edfe45762ef2d79647f0f

SHA256: 1eea71fdecd9e89080660c8a8e8b98d4cab831d50be334462100084c8f7f4bd6

PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x4FC20<br> timedatestamp.....: 0x4AD23870 (Sun Oct 11 21:56:32 2009)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> UPX0 0x1000 0x38000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x39000 0x18000 0x17A00 7.99 1aa2b5b9699ce2eceb4094945a237ed0<br>.rsrc 0x51000 0x7000 0x6400 4.36 83fc2b62d6f10577d5e711a3d8154417<br> <br> ( 7 imports )<br> <br>> advapi32.dll: FreeSid<br>> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> netapi32.dll: NetApiBufferFree<br>> psapi.dll: EnumProcesses<br>> shell32.dll: SHGetFolderPathA<br>> shlwapi.dll: PathFileExistsA<br>> ws2_32.dll: -<br> <br> ( 0 exports )<br>

TrID  : File type identification<br>UPX compressed Win32 Executable (39.5%)<br>Win32 EXE Yoda's Crypter (34.3%)<br>Win32 Executable Generic (11.0%)<br>Win32 Dynamic Link Library (generic) (9.8%)<br>Generic Win/DOS Executable (2.5%)

ssdeep: 3072://2svXpa3Pvm8iQxweGjldhEwyHRoout1:2svXpa3PriQ+jzewWooS1

PEiD  : -

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA

RDS   : NSRL Reference Data Set<br>-

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.41 2009.11.04 -

AhnLab-V3 5.0.0.2 2009.11.04 -

AntiVir 7.9.1.53 2009.11.04 TR/Agent.123392.8

Antiy-AVL 2.0.3.7 2009.11.04 -

Authentium 5.2.0.5 2009.11.04 -

Avast 4.8.1351.0 2009.11.03 -

AVG 8.5.0.423 2009.11.04 -

BitDefender 7.2 2009.11.04 DeepScan:Generic.Malware.FP!.5630959D

CAT-QuickHeal 10.00 2009.11.04 -

ClamAV 0.94.1 2009.11.04 -

Comodo 2836 2009.11.04 -

DrWeb 5.0.0.12182 2009.11.04 Trojan.Spambot.4653

eSafe 7.0.17.0 2009.11.03 Suspicious File

eTrust-Vet 35.1.7101 2009.11.04 -

F-Prot 4.5.1.85 2009.11.04 -

F-Secure 9.0.15370.0 2009.11.04 Trojan:W32/Agent.MGM

Fortinet 3.120.0.0 2009.11.04 -

GData 19 2009.11.04 DeepScan:Generic.Malware.FP!.5630959D

Ikarus T3.1.1.74.0 2009.11.04 -

Jiangmin 11.0.800 2009.11.04 -

K7AntiVirus 7.10.887 2009.11.03 -

Kaspersky 7.0.0.125 2009.11.04 -

McAfee 5791 2009.11.03 -

McAfee+Artemis 5791 2009.11.03 -

McAfee-GW-Edition 6.8.5 2009.11.04 Heuristic.BehavesLike.Win32.ModifiedUPX.B!92

Microsoft 1.5202 2009.11.04 -

NOD32 4572 2009.11.04 -

Norman 6.03.02 2009.11.04 W32/Agent.SDOF

nProtect 2009.1.8.0 2009.11.04 -

Panda 10.0.2.2 2009.11.03 Trj/CI.A

PCTools 7.0.3.5 2009.11.04 -

Prevx 3.0 2009.11.04 -

Rising 21.54.24.00 2009.11.04 -

Sophos 4.47.0 2009.11.04 -

Sunbelt 3.2.1858.2 2009.11.04 -

Symantec 1.4.4.12 2009.11.04 -

TheHacker 6.5.0.2.060 2009.11.04 -

TrendMicro 9.0.0.1003 2009.11.04 PAK_Generic.001

VBA32 3.12.10.11 2009.11.03 -

ViRobot 2009.11.4.2021 2009.11.04 -

VirusBuster 4.6.5.0 2009.11.03 -

 

Information additionnelle

File size: 123392 bytes

MD5   : 641cafd130ab7fcb585e6857c056064c

SHA1  : 3e2164dcf0c8e299a93edfe45762ef2d79647f0f

SHA256: 1eea71fdecd9e89080660c8a8e8b98d4cab831d50be334462100084c8f7f4bd6

PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x4FC20<br> timedatestamp.....: 0x4AD23870 (Sun Oct 11 21:56:32 2009)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> UPX0 0x1000 0x38000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x39000 0x18000 0x17A00 7.99 1aa2b5b9699ce2eceb4094945a237ed0<br>.rsrc 0x51000 0x7000 0x6400 4.36 83fc2b62d6f10577d5e711a3d8154417<br> <br> ( 7 imports )<br> <br>> advapi32.dll: FreeSid<br>> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> netapi32.dll: NetApiBufferFree<br>> psapi.dll: EnumProcesses<br>> shell32.dll: SHGetFolderPathA<br>> shlwapi.dll: PathFileExistsA<br>> ws2_32.dll: -<br> <br> ( 0 exports )<br>

TrID  : File type identification<br>UPX compressed Win32 Executable (39.5%)<br>Win32 EXE Yoda's Crypter (34.3%)<br>Win32 Executable Generic (11.0%)<br>Win32 Dynamic Link Library (generic) (9.8%)<br>Generic Win/DOS Executable (2.5%)

ssdeep: 3072://2svXpa3Pvm8iQxweGjldhEwyHRoout1:2svXpa3PriQ+jzewWooS1

PEiD  : -

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA

RDS   : NSRL Reference Data Set<br>-

 

 

Voici le 2eme log sur le fichier mspbinj.exe

 

 

Fichier mspbinj.exe reçu le 2009.11.04 15:40:09 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.41 2009.11.04 -

AhnLab-V3 5.0.0.2 2009.11.04 -

AntiVir 7.9.1.53 2009.11.04 TR/Pincav.hzy

Antiy-AVL 2.0.3.7 2009.11.04 Trojan/Win32.Pincav.gen

Authentium 5.2.0.5 2009.11.04 -

Avast 4.8.1351.0 2009.11.03 -

AVG 8.5.0.423 2009.11.04 -

BitDefender 7.2 2009.11.04 -

CAT-QuickHeal 10.00 2009.11.04 Trojan.Pincav.jak

ClamAV 0.94.1 2009.11.04 -

Comodo 2837 2009.11.04 -

DrWeb 5.0.0.12182 2009.11.04 Trojan.MulDrop.35807

eSafe 7.0.17.0 2009.11.04 Suspicious File

eTrust-Vet 35.1.7101 2009.11.04 -

F-Prot 4.5.1.85 2009.11.04 -

F-Secure 9.0.15370.0 2009.11.04 -

Fortinet 3.120.0.0 2009.11.04 -

GData 19 2009.11.04 -

Ikarus T3.1.1.74.0 2009.11.04 -

Jiangmin 11.0.800 2009.11.04 Trojan/Pincav.or

K7AntiVirus 7.10.887 2009.11.03 -

Kaspersky 7.0.0.125 2009.11.04 -

McAfee 5791 2009.11.03 -

McAfee+Artemis 5791 2009.11.03 -

McAfee-GW-Edition 6.8.5 2009.11.04 Heuristic.BehavesLike.Win32.ModifiedUPX.H!92

Microsoft 1.5202 2009.11.04 -

NOD32 4573 2009.11.04 -

Norman 6.03.02 2009.11.04 -

nProtect 2009.1.8.0 2009.11.04 Trojan/W32.Pincav.182784

Panda 10.0.2.2 2009.11.03 Suspicious file

PCTools 7.0.3.5 2009.11.04 -

Prevx 3.0 2009.11.04 -

Rising 21.54.24.00 2009.11.04 -

Sophos 4.47.0 2009.11.04 -

Sunbelt 3.2.1858.2 2009.11.04 -

Symantec 1.4.4.12 2009.11.04 -

TheHacker 6.5.0.2.060 2009.11.04 -

TrendMicro 9.0.0.1003 2009.11.04 -

VBA32 3.12.10.11 2009.11.03 Trojan.Win32.Pincav.hwr

ViRobot 2009.11.4.2021 2009.11.04 -

VirusBuster 4.6.5.0 2009.11.04 -

Information additionnelle

File size: 182784 bytes

MD5...: 61f5b33c9d5679fe6e18e680edbd68be

SHA1..: f18f61cc12a81f624ccac4898d6493615945a45e

SHA256: aa8098761a9340cddec4d1858f4d3b516509f7df600d93dadab8322fd6f125a6

ssdeep: 3072:cLsg2Ktl61MoZnSzTOnQ/8j5BoutGg6vWn6IAQKUkxxoprUKlyjjQ1zZiv2<br>:cLsg2K+tnZ88VBoSwWnBAtUkxfKlKQzd<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x539a0<br>timedatestamp.....: 0x4ad23834 (Sun Oct 11 19:55:32 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x40000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x41000 0x14000 0x13600 7.99 8fd6848a334567a3c9763484605c121d<br>.rsrc 0x55000 0x19000 0x19000 7.23 7bbdbcc66d5f6b6bfe92e11e1410e89b<br><br>( 6 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> ADVAPI32.dll: RegCloseKey<br>> ole32.dll: OleInitialize<br>> OLEAUT32.dll: -<br>> PSAPI.DLL: EnumProcesses<br>> USER32.dll: IsWindow<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

pdfid.: -

trid..: UPX compressed Win32 Executable (43.8%)<br>Win32 EXE Yoda's Crypter (38.1%)<br>Win32 Executable Generic (12.2%)<br>Generic Win/DOS Executable (2.8%)<br>DOS Executable Generic (2.8%)

sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.41 2009.11.04 -

AhnLab-V3 5.0.0.2 2009.11.04 -

AntiVir 7.9.1.53 2009.11.04 TR/Pincav.hzy

Antiy-AVL 2.0.3.7 2009.11.04 Trojan/Win32.Pincav.gen

Authentium 5.2.0.5 2009.11.04 -

Avast 4.8.1351.0 2009.11.03 -

AVG 8.5.0.423 2009.11.04 -

BitDefender 7.2 2009.11.04 -

CAT-QuickHeal 10.00 2009.11.04 Trojan.Pincav.jak

ClamAV 0.94.1 2009.11.04 -

Comodo 2837 2009.11.04 -

DrWeb 5.0.0.12182 2009.11.04 Trojan.MulDrop.35807

eSafe 7.0.17.0 2009.11.04 Suspicious File

eTrust-Vet 35.1.7101 2009.11.04 -

F-Prot 4.5.1.85 2009.11.04 -

F-Secure 9.0.15370.0 2009.11.04 -

Fortinet 3.120.0.0 2009.11.04 -

GData 19 2009.11.04 -

Ikarus T3.1.1.74.0 2009.11.04 -

Jiangmin 11.0.800 2009.11.04 Trojan/Pincav.or

K7AntiVirus 7.10.887 2009.11.03 -

Kaspersky 7.0.0.125 2009.11.04 -

McAfee 5791 2009.11.03 -

McAfee+Artemis 5791 2009.11.03 -

McAfee-GW-Edition 6.8.5 2009.11.04 Heuristic.BehavesLike.Win32.ModifiedUPX.H!92

Microsoft 1.5202 2009.11.04 -

NOD32 4573 2009.11.04 -

Norman 6.03.02 2009.11.04 -

nProtect 2009.1.8.0 2009.11.04 Trojan/W32.Pincav.182784

Panda 10.0.2.2 2009.11.03 Suspicious file

PCTools 7.0.3.5 2009.11.04 -

Prevx 3.0 2009.11.04 -

Rising 21.54.24.00 2009.11.04 -

Sophos 4.47.0 2009.11.04 -

Sunbelt 3.2.1858.2 2009.11.04 -

Symantec 1.4.4.12 2009.11.04 -

TheHacker 6.5.0.2.060 2009.11.04 -

TrendMicro 9.0.0.1003 2009.11.04 -

VBA32 3.12.10.11 2009.11.03 Trojan.Win32.Pincav.hwr

ViRobot 2009.11.4.2021 2009.11.04 -

VirusBuster 4.6.5.0 2009.11.04 -

 

Information additionnelle

File size: 182784 bytes

MD5...: 61f5b33c9d5679fe6e18e680edbd68be

SHA1..: f18f61cc12a81f624ccac4898d6493615945a45e

SHA256: aa8098761a9340cddec4d1858f4d3b516509f7df600d93dadab8322fd6f125a6

ssdeep: 3072:cLsg2Ktl61MoZnSzTOnQ/8j5BoutGg6vWn6IAQKUkxxoprUKlyjjQ1zZiv2<br>:cLsg2K+tnZ88VBoSwWnBAtUkxfKlKQzd<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x539a0<br>timedatestamp.....: 0x4ad23834 (Sun Oct 11 19:55:32 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x40000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x41000 0x14000 0x13600 7.99 8fd6848a334567a3c9763484605c121d<br>.rsrc 0x55000 0x19000 0x19000 7.23 7bbdbcc66d5f6b6bfe92e11e1410e89b<br><br>( 6 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> ADVAPI32.dll: RegCloseKey<br>> ole32.dll: OleInitialize<br>> OLEAUT32.dll: -<br>> PSAPI.DLL: EnumProcesses<br>> USER32.dll: IsWindow<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

pdfid.: -

trid..: UPX compressed Win32 Executable (43.8%)<br>Win32 EXE Yoda's Crypter (38.1%)<br>Win32 Executable Generic (12.2%)<br>Generic Win/DOS Executable (2.8%)<br>DOS Executable Generic (2.8%)

sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA

 

 

Merci pour ton aide, j'attend la suite,

Amicalement

Vincent

Modifié le 4 novembre 2009 par vincent_57

[Apollo]

Re,

 

Mets Antivir à jour; si tu as des difficultés avec les serveurs, fais-la manuellement: Mises à jour manuelles d'Antivir

 

Lance ensuite une analyse complète du pc et poste le rapport qui sera généré.

 

@++