Please help me: a virus that deletes .exe files - Security - Viruses
Profile: IDNaute

Please help me. I have an Intel Core Duo computer that worked fine until a virus got onto it. It started deleting .exe files; it even deleted my antivirus's, and if I try to reinstall it, it deletes it immediately. I'm lost!!


Profile: IDNaute

Logfile of HijackThis v1.99.1
Scan saved at 21:30:49, on 10/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1179934414\ee\aolsoftware.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\efccbyx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {FC3F2B70-383D-4786-865A-B7589C073AB9} - C:\WINDOWS\system32\geeby.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawfl [...] awflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{952EE0E4-8614-49FB-9D4B-FB6A484AE3AD}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O20 - Winlogon Notify: efccbyx - efccbyx.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: msadhu1 - msadhu1.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\AOLbox\Gateway\wlancfg.exe

Profile: Helper

Good evening

The joys of P2P...

Which crack did you catch Bagle with?

You are really badly infected: besides Bagle, there is Vundo, Lop, plus a nasty toolbar (ShoppingReport).

1

Check your private messages and post the requested report here.


2

~Download F-Secure BlackLight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe


- Run F-Secure BlackLight (file fsbl.exe)
- Accept the license, then click "Scan", then Next and Exit.
- A report fsbl-bxxxx.log (xx are digits) will be created in the same folder as blbeta.exe
- Open fsbl-bxxxx.log and copy/paste it into your next message.

Warning!
Do not choose the "Rename" option right away: we need to analyze the report first, because legitimate files may be listed, such as wbemtest.exe.
F-Secure BlackLight tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_f- [...] Light.html


Message edited by Sham_Rock on 10-09-2007 at 23:07:45

---------------
Prevention and protection
/!\ Tired of ads: secured Firefox /!\
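The triage the helper does by eye on the HijackThis log above (entries whose file is missing, O20 injection hooks, a service or Run key launched from the user profile or with a temp-style name, an .exe sitting in the drivers folder) can be written down as a script. This is an added example, not part of the thread and not HijackThis' own code; the regexes, the heuristics and the constructed sample lines are assumptions of the example, modelled on the patterns in the log above.

```python
import re

# Section tag at the start of a HijackThis line, e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<rest>.*)$")
# A Windows path ending in a binary; spaces are allowed because
# "Documents and Settings" and "chin does.exe" contain them.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx)\b", re.IGNORECASE)
# Heuristic constants (assumptions of this example, not HijackThis conventions).
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")
TEMP_NAME_RE = re.compile(r"\\tmp[0-9a-f]*\.tmp\.(?:exe|dll)$")


def triage_line(line):
    """Return the reasons a log line deserves a second look (empty list = nothing notable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    sec, rest = m.group("sec"), m.group("rest")
    reasons = []
    paths = [p.lower() for p in PATH_RE.findall(rest)]
    # 1. A BHO, Winlogon/AppInit hook or service whose file is gone: a cleaner
    #    removed the binary but the registry entry survived (the efccbyx/geeby
    #    leftovers in the log above look like this).
    if "(file missing)" in rest and sec in ("O2", "O20", "O23"):
        reasons.append("autostart entry points to a missing file")
    # 2. O20 entries load into every process (AppInit_DLLs) or at logon
    #    (Winlogon Notify); legitimate third-party ones are rare.
    elif sec == "O20":
        reasons.append("O20 injection hook (AppInit_DLLs / Winlogon Notify)")
    for p in paths:
        # 3. A binary named like a temp file but registered as a service or BHO.
        if TEMP_NAME_RE.search(p):
            reasons.append("temp-style binary name: " + p)
        # 4. Autostarts that run from a user profile instead of Program Files / System32.
        if sec in ("O2", "O4", "O23") and any(d in p for d in USER_PROFILE_DIRS):
            reasons.append("autostart from user profile: " + p)
        # 5. system32\drivers should hold .sys drivers, not .exe programs (hidr.exe above).
        if "\\system32\\drivers\\" in p and p.endswith(".exe"):
            reasons.append("executable in drivers folder: " + p)
    return reasons


def triage_log(text):
    """Map every flagged line of a log to its list of reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


# Constructed sample lines, modelled on the thread's log (GUIDs shortened).
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-...} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {90F75E47-...} - C:\WINDOWS\system32\efccbyx.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ToolThird] C:\DOCUME~1\UTILIS~1\APPLIC~1\TEAMDO~1\chin does.exe
O20 - AppInit_DLLs: c:\windows\system32\mljggdc.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\utilisateur\Application Data\tmp13F.tmp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    # Four of the seven sample lines are flagged; the Adobe, avast and NVIDIA ones are not.
    for entry, reasons in triage_log(SAMPLE).items():
        print(entry)
        for r in reasons:
            print("   ->", r)
```

The heuristics only rank lines for a human to check; a flagged entry is a candidate, not a verdict, which is why the helper asks for the report before any "Rename" or fix.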
Profile: IDNaute


Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : C:\Documents and Settings\utilisateur\Bureau\jkw1TQGOpg_NewLopResearch\NewLopresearch

Rapport crée : Le 11/09/2007 à 14:40:27,62 PC : PC-B3794286787F


/!\ Faire analyser le rapport par un Helper avant toute intervention /!\


---------------------[ Listing des Applications Data ]--------------------


C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\city about store file
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\Escape From Paradise
C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
C:\Documents and Settings\All Users\Application Data\AOL
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\BufferZone
C:\Documents and Settings\All Users\Application Data\PC Suite
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Dumb Web Software Ante
C:\Documents and Settings\All Users\Application Data\Mozilla
C:\Documents and Settings\All Users\Application Data\HP
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
C:\Documents and Settings\All Users\Application Data\Apple Computer

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\LocalService\Application Data\HP
C:\Documents and Settings\LocalService\Application Data\Microsoft

C:\Documents and Settings\NetworkService\Application Data\Microsoft

C:\Documents and Settings\utilisateur\Application Data\True Sword
C:\Documents and Settings\utilisateur\Application Data\m
C:\Documents and Settings\utilisateur\Application Data\teamdownloadmeta
C:\Documents and Settings\utilisateur\Application Data\LimeWire
C:\Documents and Settings\utilisateur\Application Data\EoRezo
C:\Documents and Settings\utilisateur\Application Data\WinRAR
C:\Documents and Settings\utilisateur\Application Data\Jasc
C:\Documents and Settings\utilisateur\Application Data\Macromedia
C:\Documents and Settings\utilisateur\Application Data\SpieleEntwicklungsKombinat
C:\Documents and Settings\utilisateur\Application Data\fltk.org
C:\Documents and Settings\utilisateur\Application Data\Leadertech
C:\Documents and Settings\utilisateur\Application Data\Adobe
C:\Documents and Settings\utilisateur\Application Data\ShoppingReport
C:\Documents and Settings\utilisateur\Application Data\vlc
C:\Documents and Settings\utilisateur\Application Data\dvdcss
C:\Documents and Settings\utilisateur\Application Data\Nokia Multimedia Player
C:\Documents and Settings\utilisateur\Application Data\Nokia
C:\Documents and Settings\utilisateur\Application Data\Sun
C:\Documents and Settings\utilisateur\Application Data\PC Suite
C:\Documents and Settings\utilisateur\Application Data\Google
C:\Documents and Settings\utilisateur\Application Data\Apple Computer
C:\Documents and Settings\utilisateur\Application Data\Microsoft
C:\Documents and Settings\utilisateur\Application Data\Talkback
C:\Documents and Settings\utilisateur\Application Data\Mozilla
C:\Documents and Settings\utilisateur\Application Data\DivX
C:\Documents and Settings\utilisateur\Application Data\HP
C:\Documents and Settings\utilisateur\Application Data\InstallShield
C:\Documents and Settings\utilisateur\Application Data\Help
C:\Documents and Settings\utilisateur\Application Data\ItsLabel
C:\Documents and Settings\utilisateur\Application Data\Microsoft Web Folders
C:\Documents and Settings\utilisateur\Application Data\AOL
C:\Documents and Settings\utilisateur\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\utilisateur\Application Data\Pinnacle Systems
C:\Documents and Settings\utilisateur\Application Data\InterTrust
C:\Documents and Settings\utilisateur\Application Data\Identities


----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------


C:\WINDOWS\tasks\ADA934A0916AAAD8.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini


--------------[ Listing des dossiers dans C:\Program Files ]--------------


C:\Program Files\7za.exe
C:\Program Files\8hands
C:\Program Files\Adobe
C:\Program Files\AdorageI-GfxDatas
C:\Program Files\AdorageI-SAL
C:\Program Files\Alwil Software
C:\Program Files\AOL
C:\Program Files\AOL 9.0
C:\Program Files\AOL Compagnon
C:\Program Files\AOL Toolbar
C:\Program Files\AOLbox
C:\Program Files\Ascaron Entertainment
C:\Program Files\Audacity
C:\Program Files\AviSynth 2.5
C:\Program Files\AW Europe
C:\Program Files\BitComet
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\Celestia
C:\Program Files\ComPlus Applications
C:\Program Files\DAEMON Tools
C:\Program Files\DIFX
C:\Program Files\DivX
C:\Program Files\Dynamic
C:\Program Files\EA SPORTS
C:\Program Files\e-anim701
C:\Program Files\Eidos Interactive
C:\Program Files\Electronic Arts
C:\Program Files\eMule
C:\Program Files\eoRezo
C:\Program Files\Eurobarre
C:\Program Files\Fichiers communs
C:\Program Files\Free Easy Burner
C:\Program Files\Gamenext
C:\Program Files\GameSpy Arcade
C:\Program Files\GEE
C:\Program Files\Google
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\InetGet2
C:\Program Files\Internet Explorer
C:\Program Files\Inventel
C:\Program Files\Its Label
C:\Program Files\Jasc Software Inc
C:\Program Files\Java
C:\Program Files\Kaspersky Lab
C:\Program Files\KeePass Password Safe
C:\Program Files\Lavalys
C:\Program Files\Learn2.com
C:\Program Files\LimeWire
C:\Program Files\Logitech
C:\Program Files\MaCuisineLapeyre
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\MessengerPlus! 3
C:\Program Files\Micro Application
C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
C:\Program Files\Microsoft ActiveSync
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft SQL Server
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MP3 Player Utilities 3.5.02
C:\Program Files\MSBuild
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Multi_Media_France
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\NetMeeting
C:\Program Files\Nokia
C:\Program Files\Online Services
C:\Program Files\Online_TV
C:\Program Files\Outlook Express
C:\Program Files\PC Connectivity Solution
C:\Program Files\Picasa2
C:\Program Files\Pinnacle
C:\Program Files\Player Tool
C:\Program Files\proDAD
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Realtek
C:\Program Files\Red Kawa
C:\Program Files\Reference Assemblies
C:\Program Files\Replay Media Catcher
C:\Program Files\RM-X Player V4.2
C:\Program Files\Secured eMule
C:\Program Files\Secured_eMule
C:\Program Files\serial.dat
C:\Program Files\Services en ligne
C:\Program Files\ShoppingReport
C:\Program Files\Sierra On-Line
C:\Program Files\SmartSound Software
C:\Program Files\svchosts.tbe
C:\Program Files\teamdownloadmeta
C:\Program Files\TopDesk Trial
C:\Program Files\True Sword 4
C:\Program Files\Turn it off
C:\Program Files\Valve
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\WarRock
C:\Program Files\WIDCOMM
C:\Program Files\Windows Live
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinPop
C:\Program Files\xerox


------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]-----


C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\AOL
C:\Program Files\Fichiers communs\aolback
C:\Program Files\Fichiers communs\aolshare
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\FDEUnInstaller.exe
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\HP
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nokia
C:\Program Files\Fichiers communs\Nullsoft
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\PC SOFT
C:\Program Files\Fichiers communs\PCSuite
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Sonic Shared
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\System


----------------------[ Recherche dans le Registre ]----------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]



-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------


C:\Program Files\Multi_Media_France
C:\WINDOWS\tasks\ADA934A0916AAAD8.job


--------------------[ Vérification du fichier Hosts ]---------------------


Fichier Hosts : MODIFIE




--------------------[ Recherche d'autres infections ]---------------------



/!\ VUNDO Possible !

C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\exefld

/!\ BAGLE Possible !



--------------------[ Fin du rapport à 14:40:46,87 ]----------------------

Profile: IDNaute

First off, the crack was for Turok on PC, and here is the report:



09/11/07 14:44:57 [Info]: BlackLight Engine 1.0.64 initialized
09/11/07 14:44:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/11/07 14:44:57 [Note]: 7019 4
09/11/07 14:44:57 [Note]: 7005 0
09/11/07 14:45:00 [Note]: 7006 0
09/11/07 14:45:00 [Note]: 7011 1912
09/11/07 14:45:00 [Note]: 7026 0
09/11/07 14:45:00 [Note]: 7026 0
09/11/07 14:45:00 [Note]: 7024 3
09/11/07 14:45:00 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:45:00 [Note]: 7024 3
09/11/07 14:45:00 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:45:09 [Note]: FSRAW library version 1.7.1022
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\home williamson john chansons bretonne.wm
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\House techno Club Dance - Boston DJ - Mov
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Hugues Aufray - Santiano.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Jesselyn - Contact.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Les Simpsons - Divx Francais - Fou de foo
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Les Simpsons contre-attaquent.Dessin anim
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\lets motormark singler jig go.wma
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Papi Sanchez - A Que Tu No Puedes Salsa.m
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Papi Sanchez - Dilema.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Renaud - Dès que le vent soufflera(1).mp
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\T-Pain ft. Akon - Ur Not The Same.mp3
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Dance Club Remixes - House Mix 2
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Scooter - Crank It Up (happy har
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Techno - Trance - Delerium - The Silence
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Timbaland - The Way I Are (Ft. Keri Hilso
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Timbaland - The Way I Are (Remix) feat. F
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\View iphone beer with the ultimate player
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Zion ft Akon - I love the way she moves.
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:12 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\[Full] toudou solver by CDZ (2).zip
09/11/07 14:45:12 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{50D5FE4F-D456-4F0F-8597-2C4D1FD
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{50D5FE4F-D456-4F0F-8597-2C4D1FD
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{733874D1-0AD2-434D-AF8D-3FB5563
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{733874D1-0AD2-434D-AF8D-3FB5563
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{80435C8A-523D-4CC3-B28C-2B7A70D
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{80435C8A-523D-4CC3-B28C-2B7A70D
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{CD9C0D76-9058-49A3-953B-CB3AF79
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7E
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7E
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{F8633EBC-8E79-4C00-A793-9B4F7BE
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{F8633EBC-8E79-4C00-A793-9B4F7BE
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{00000000-0000-0000-0000-0000000
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArt_{00000000-0000-0000-0000-0000000
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Folder.jpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon - Belly Dancer.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon ft. Eminem - Smack That.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Akon ft. Snoop_Dogg - I Wanna Fuck You.mp
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\AlbumArtSmall.jpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Avril Lavigne - Girl friend.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Boney M - By The River Of Babylone.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\BOUGGY WONDERLAND HAPPY FEET.MP3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Celtic Women - The Soft Goodbye.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Clara Morgane - Sexy Girl.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Cle Pour Toudou Solver.mpg
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Daft Punk - Vietnam.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\desktop.ini
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Dj Evolution - Contacto Remix.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\DJ Kurvy - Let You Go.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\DJ Pisces - Crobar Classics (Disc 2 of 2)
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\dj ranking Stand by me + Usher Yeah ( Te
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\French Les Simpsons Le Film 2007 Dvdrip.a
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Gomez.VS.Tavares.FRENCH.CAM.XViD-FeDeXFR-
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Gia Farrell - Hit
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Don't Push Me.mp3
09/11/07 14:45:13 [Note]: 10002 3
09/11/07 14:45:13 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy feet - Don't Push Me Cause I'm Clos
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack- Stevie Wonder - I
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet - Boogie Wonderland.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet - Original Soundtrack.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Jump 'n' Move.mp3
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack - Robin Williams -
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Info]: Hidden file: c:\Documents and Settings\utilisateur\Shared\Happy Feet Soundtrack- Brittany Murphy -
09/11/07 14:45:14 [Note]: 10002 3
09/11/07 14:45:14 [Note]: 10002 2
09/11/07 14:45:14 [Note]: 10002 2
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
09/11/07 14:49:16 [Note]: 10002 3
09/11/07 14:49:16 [Note]: 10002 2
09/11/07 14:49:16 [Note]: 10002 2
09/11/07 14:55:27 [Note]: 10002 2
09/11/07 14:55:27 [Note]: 10002 2
09/11/07 14:56:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
09/11/07 14:56:12 [Note]: 10002 2
09/11/07 14:56:12 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hidr.exe
09/11/07 14:56:12 [Note]: 10002 2
09/11/07 14:57:37 [Note]: 2000 1012
09/11/07 14:57:37 [Note]: 2000 1012
09/11/07 15:12:47 [Note]: 7007 0

<@_@>
Profile: Helper

Good evening,

let's start:

follow this procedure exactly in this order.

1

~Download the program R-Hosts (by S!RI)
http://siri.urz.free.fr/Softs/RHosts.exe

~Run R-Hosts.exe, then click Restaurer (Restore).
Confirm the change by pressing OK.

2


~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
~Copy/paste the contents of the report located in C:\vundofix.txt
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above again, starting from "click the Scan for Vundo button".



3

~Download Elibagla from this page:
http://www.zonavirus.com/datos/des [...] ibagla.asp

You will find the program to download at the very bottom of the page:
click on "descargar Elibagla 10.51" (download)

Save this file to the desktop.
Go to your desktop and double-click Elibagla.exe.
The box "eliminar ficheros automaticamente" (delete files automatically) must be checked.
Click "explorar" (scan) and let it work.
~Post the final report, which will be in c:\infosat.txt

4

Download Combofix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait for combofix to finish. Your PC may reboot; that is normal. A report will be created. Post the report.

Add a new HijackThis report.


---------------
Prevention and protection
/!\ Fed up with ads: secured Firefox /!\
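The procedure above chains four removal tools; what it does not give the reader is a way to look at a pasted log and decide, before running anything, whether the file-system traces point at the Bagle family that Elibagla (the Bagle remover) targets. The script below is an added example, not code from the helper's post or from any of those tools. It reads log lines in the two shapes seen in this thread (a rootkit scanner's "Hidden file:" entries and bare paths of the kind ComboFix prints) and flags indicators that this family is known for: executables dropped into system32\drivers, files hidden from the directory listing in that folder, same-named .com copies of console tools in system32, tmpNNN.tmp droppers, autorun.inf on a non-system drive, and a short list of file names. The indicator rules, the names in KNOWN_BAGLE_NAMES and the assumption that C: is the system drive are the example's own, drawn from public Bagle write-ups; the sample log is constructed for the demonstration.

```python
"""Triage pasted Windows log lines for Bagle-style file-system indicators.

Added example for this thread; not code from the helper or from any of the
tools named above. Indicator rules and known file names are assumptions
drawn from public Bagle write-ups, not from the thread's tools.
"""
import re
from pathlib import PureWindowsPath

# Console tools that Bagle variants shadow with a same-named .com dropped
# into system32. Typing "regedit" then runs the .com copy: system32 comes
# first on PATH and .COM precedes .EXE in the default PATHEXT.
SHADOWED_TOOLS = {"cmd", "regedit", "ping", "netstat", "tracert",
                  "taskkill", "tasklist"}
# File names associated with the family (assumption, from public write-ups).
KNOWN_BAGLE_NAMES = {"wintems.exe", "hidr.exe", "srosa.sys", "flec006.exe"}
SYSTEM_DRIVE = "c:"  # assumed; change for the machine under analysis

HIDDEN_RE = re.compile(r"Hidden file:\s*(?P<path>[A-Za-z]:\\.+?)\s*$")
BARE_RE = re.compile(r"(?P<path>[A-Za-z]:\\\S.*)")


def extract_path(line):
    """Return (path, was_hidden) for a log line, or (None, False)."""
    m = HIDDEN_RE.search(line)
    if m:
        return m.group("path"), True
    m = BARE_RE.search(line)
    return (m.group("path").strip(), False) if m else (None, False)


def classify(path, hidden=False):
    """Return the indicators that apply to one path (empty list if clean)."""
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    name, stem, suffix = p.name.lower(), p.stem.lower(), p.suffix.lower()
    in_system32 = "system32" in parts
    in_drivers = in_system32 and "drivers" in parts
    findings = []
    if in_drivers and suffix == ".exe":
        findings.append("executable stored in system32\\drivers")
    if hidden and in_drivers:
        findings.append("file in system32\\drivers hidden from directory listing (rootkit)")
    if in_system32 and suffix == ".com" and stem in SHADOWED_TOOLS:
        findings.append(f"{name} shadows the real {stem}.exe via PATH/PATHEXT order")
    if re.fullmatch(r"tmp[0-9a-f]+\.tmp\.(exe|dll)", name):
        findings.append("tmpNNN.tmp.exe/.dll dropper naming")
    if name == "autorun.inf" and p.drive.lower() != SYSTEM_DRIVE:
        findings.append("autorun.inf on a non-system drive (removable-media spread)")
    if name in KNOWN_BAGLE_NAMES:
        findings.append("file name associated with the Bagle family")
    return findings


def triage(lines):
    """Map every flagged path to its indicators; clean paths are left out."""
    report = {}
    for line in lines:
        path, hidden = extract_path(line)
        if path is None:
            continue
        hits = classify(path, hidden)
        if hits:
            report[path] = hits
    return report


# Constructed sample in the two formats seen in the thread: rootkit-scanner
# "Hidden file:" lines and bare paths as ComboFix prints them.
SAMPLE_LOG = [
    r"09/11/07 14:56:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys",
    r"09/11/07 14:56:12 [Note]: 10002 2",
    r"09/11/07 14:56:12 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hidr.exe",
    r"C:\WINDOWS\system32\regedit.com",
    r"C:\WINDOWS\system32\tmp140.tmp.dll",
    r"D:\Autorun.inf",
    r"C:\WINDOWS\system32\drivers\aswmon.sys",  # legitimate AV driver, must stay clean
]

if __name__ == "__main__":
    for flagged, hits in triage(SAMPLE_LOG).items():
        print(flagged)
        for hit in hits:
            print("   -", hit)
```

The .com check is the one worth remembering: a user who types regedit, cmd or taskkill at the Run prompt on an infected box starts the trojan copy, not the Windows tool, which is also why the helper has you run dedicated removal tools from the desktop instead of relying on built-in commands. The script only triages; it deletes nothing.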
Profile: IDNaute

VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:33:40 11/09/2007

Listing files found while scanning....

C:\WINDOWS\system32\efccbyx.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\tmp140.tmp.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmp140.tmp.dll
C:\WINDOWS\system32\tmp140.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Profile: IDNaute


Tue Sep 11 18:44:46 2007
EliBagle v10.51 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
List of actions (by direct action):
Please send us a sample of the file
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Deleted Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Deleted Bagle
Please send us a sample of the file
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle renamed to .VIR
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\APPLICATION DATA\M\FLEC006.EXE --> Deleted Bagle.dldr
Deleted folder "%WinDir%\exefld"
Restored key: "SafeBoot\Minimal and Network"

Tue Sep 11 18:46:08 2007
EliBagle v10.51 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
List of actions (by scan):
Scanning drive C:\

Profile: IDNaute

ComboFix 07-09-10.6 - "utilisateur" 2007-09-11 19:27:46.1 - NTFS x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
C:\WINDOWS\system32\chkdsk.exe is missing
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\Config.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\db\Aliases.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\db\Sites.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\dwld\WhiteList.xip
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\report\aggr_storage.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\report\send_storage.xml
C:\DOCUME~1\UTILIS~1\APPLIC~1\ShoppingReport\cs\res2\WhiteList.dbs
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp139.tmp.exe
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp13F.tmp.exe
C:\DOCUME~1\UTILIS~1\APPLIC~1\tmp140.tmp.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\popinstall.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\exefld
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\UpMedia
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Files created 2007-08-11 to 2007-09-11 ))))))))))))))))))))))))))))))))))))
.

2007-09-11 19:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 18:44 <REP> d-------- C:\Muestras
2007-09-11 18:33 <REP> d-------- C:\VundoFix Backups
2007-09-11 16:12 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-11 00:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-11 00:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-11 00:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-11 00:43 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-11 00:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-11 00:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-11 00:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-11 00:41 <REP> d-------- C:\WINDOWS\system32\backuped
2007-09-11 00:37 <REP> d-------- C:\Program Files\True Sword 4
2007-09-11 00:37 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\True Sword
2007-09-11 00:32 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-10 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-09-10 20:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-09-10 19:59 94,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-10 19:59 2,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-10 19:57 2,138,112 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-06 23:39 <REP> d-------- C:\Program Files\Celestia
2007-09-06 23:28 <REP> d-------- C:\Program Files\Dynamic
2007-08-30 22:18 575 --a------ C:\WINDOWS\eReg.dat
2007-08-28 23:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\city about store file
2007-08-28 23:57 <REP> d-------- C:\Program Files\teamdownloadmeta
2007-08-28 23:54 <REP> d-------- C:\Program Files\Player Tool
2007-08-28 20:04 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR
2007-08-28 01:03 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\Jasc
2007-08-28 01:02 <REP> d-------- C:\Program Files\Jasc Software Inc
2007-08-27 21:38 <REP> d-------- C:\Program Files\e-anim701
2007-08-24 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
2007-08-24 15:16 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-24 15:16 <REP> d-------- C:\Program Files\Gamenext
2007-08-24 15:16 <REP> d-------- C:\Program Files\AW Europe
2007-08-24 13:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-24 13:24 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-24 13:24 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-08-24 13:24 <REP> d-------- C:\DOCUME~1\UTILIS~1\APPLIC~1\SpieleEntwicklungsKombinat
2007-08-24 13:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpieleEntwicklungsKombinat
2007-08-22 14:41 <REP> d-------- C:\WINDOWS\B6D5E63DEFF546169DB706D08F10B0C0.TMP
2007-08-22 14:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-21 20:09 <REP> d-------- C:\Program Files\Windows Live
2007-08-21 20:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-08-20 13:25 <REP> d-------- C:\Program Files\KeePass Password Safe
2007-08-19 23:05 1,984 --a------ C:\WINDOWS\system32\drivers\papycpu2.sys
2007-08-19 23:05 1,856 --a------ C:\WINDOWS\system32\drivers\papyjoy.sys
2007-08-19 23:04