VBs:malware-gen

Sujet: VBs:malware-gen Mer 7 Jan 2009 - 17:12

Mon antivirus avast détece le virus suivant:
VBs:malware-gen

J'ai des fichiers textes qui s'empilent sur mon bureau, c 'est trop chiant. please help me.

Voici mon scan hijiackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:14, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe

Sujet: Re: VBs:malware-gen Mer 7 Jan 2009 - 19:42

salut essayes ceci et postes le rapport
http://www.bibou0007.com/outils-specifiques-f78/tutorial-genproc-t967.htm

(pour info tu es encore en sp2? mets le sp3 pour éviter les failles de sécurité!)

Sujet: Re: VBs:malware-gen Mer 7 Jan 2009 - 21:16

DESOL JE NE sais pas ce que signifient SP2 et SP3...Let me know

Merci pour le coup de main et voici le rapport

SmitFraudFix v2.388

Scan done at 21:11:13,07, 07/01/2009
Run from C:\Documents and Settings\alexb\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Defenza\pcdscanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\alexb

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\alexb\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\alexb\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\alexb\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://gfx2.hotmail.com/mail/w3/ltr/i_trend_small.gif"
"SubscribedURL"="http://gfx2.hotmail.com/mail/w3/ltr/i_trend_small.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0921A74B-CA48-41EE-A687-7985D3B86BCD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0921A74B-CA48-41EE-A687-7985D3B86BCD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Sujet: Re: VBs:malware-gen Mer 7 Jan 2009 - 22:01

re ,(fais la procédure en mode sans échec )

relances smitfraudfix et choisis l'option 2 et postes le rapport

fais un coup de malwares bytes

http://www.bibou0007.com/antispywares-f77/malwarebytes-anti-malware-t952.htm

(a mettre a jour et scan complet) postes en le rapport et supprimes tout ce qu'il t'as trouvé.

Sujet: Re: VBs:malware-gen Jeu 8 Jan 2009 - 9:57

VOICI LES RAPPORTS

SmitFraudFix v2.388

Scan done at 21:31:47,56, 07/01/2009
Run from C:\Documents and Settings\alexb\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\autorun.inf Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\winlogon.exe, The system cannot find the file specified.
read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\services.exe, The system cannot find the file specified.
read file error: C:\WINDOWS\system32\cftmon.exe, The system cannot find the file specified.
read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\winlogon.exe, The system cannot find the file specified.
read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\services.exe, The system cannot find the file specified.
read file error: C:\WINDOWS\system32\cftmon.exe, The system cannot find the file specified.
read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\winlogon.exe, The system cannot find the file specified.
read file error: C:\DOCUME~1\alexb\LOCALS~1\Temp\services.exe, The system cannot find the file specified.
read file error: C:\WINDOWS\system32\cftmon.exe, The system cannot find the file specified.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:08, on 07/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alexb\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O4 - HKLM\..\Run: [MS32TMP] C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [boottmp] wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Mskernel32.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7192 bytes

LE scan MALWAREBYTES n arrive pas a s executer en entier... >Donc pas de rapport.

Avast detecte encore se fameux virus autorun.inf

Merci

Alex

Sujet: Re: VBs:malware-gen Jeu 8 Jan 2009 - 19:24

slt fais un scan en ligne:

http://www.bibou0007.com/scans-en-ligne-f75/tutorial-bitdefender-online-t390.htm

(avec ie et acceptes l'active "x")tu peux désactiver ton antivirus pendant le scan!

voici, en deux temps

Merci

BitDefender Online Scanner

Rapport d'analyse généré à: Fri, Jan 09, 2009 - 10:47:06

Voie d'analyse: C:\;D:\;E:\;F:\;

Statistiques

Temps

00:46:05

Fichiers

106026

Directoires

7671

Secteurs de boot

0

Archives

1616

Paquets programmes

7067

Résultats

Virus identifiés

5

Fichiers infectés

107

Fichiers suspects

0

Avertissements

0

Désinfectés

0

Fichiers effacés

107

Info sur les moteurs

Définition virus

2415440

Version des moteurs

AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Analyse des plugins

17

Archive des plugins

45

Unpack des plugins

7

E-mail plugins

6

Système plugins

4

Paramètres d'analyse

Première action

Désinfecté

Seconde Action

Supprimé

Heuristique

Oui

Acceptez les avertissements

Oui

Extensions analysées

exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails

Oui

Analyse des Archives

Oui

Analyser paquets programmes

Oui

Analyse des fichiers

Oui

Analyse de boot

Oui

Fichier analysé

Statut

C:\Documents and Settings\alexb\Local Settings\Temp\boot.ini

Infecté par: VBS.Pica.Z

C:\Documents and Settings\alexb\Local Settings\Temp\boot.ini

Echec de la désinfection

C:\Documents and Settings\alexb\Local Settings\Temp\boot.ini

Supprimé

C:\Documents and Settings\alexb\Local Settings\Temp\Mskernel32.vbs

Infecté par: VBS.Pica.Z

C:\Documents and Settings\alexb\Local Settings\Temp\Mskernel32.vbs

Echec de la désinfection

C:\Documents and Settings\alexb\Local Settings\Temp\Mskernel32.vbs

Supprimé

C:\Mskernel32.vbs

Infecté par: VBS.Pica.Z

C:\Mskernel32.vbs

Echec de la désinfection

C:\Mskernel32.vbs

Supprimé

C:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047401.vbs

Infecté par: VBS.Pica.Z

C:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047401.vbs

Echec de la désinfection

C:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047401.vbs

Supprimé

C:\WINDOWS\boot.ini

Infecté par: VBS.Pica.Z

C:\WINDOWS\boot.ini

Echec de la désinfection

C:\WINDOWS\boot.ini

Supprimé

C:\WINDOWS\Mskernel32.vbs

Infecté par: VBS.Pica.Z

C:\WINDOWS\Mskernel32.vbs

Echec de la désinfection

C:\WINDOWS\Mskernel32.vbs

Supprimé

D:\Definir la cohérence.exe

Infecté par: Trojan.VBS.TPI

D:\Definir la cohérence.exe

Supprimé

D:\diversificationexpos¨¦finalfin.exe

Infecté par: Trojan.VBS.TPI

D:\diversificationexpos¨¦finalfin.exe

Supprimé

D:\diversificationexpos¨¦suite.exe

Infecté par: Trojan.VBS.TPI

D:\diversificationexpos¨¦suite.exe

Supprimé

D:\M1\cours premier semestre bis\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

D:\M1\cours premier semestre bis\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

D:\M1\cours premier semestre bis\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

D:\M1\cours premier semestre bis\Td mémoire.exe

Supprimé

D:\M1\De quelle façon doit on diversifier son portefeuille d.exe

Infecté par: Trojan.VBS.TPI

D:\M1\De quelle façon doit on diversifier son portefeuille d.exe

Supprimé

D:\M1\diversificationexpos¨¦.exe

Infecté par: Trojan.VBS.TPI

D:\M1\diversificationexpos¨¦.exe

Supprimé

D:\M1\Etude de marché.exe

Infecté par: Trojan.VBS.TPI

D:\M1\Etude de marché.exe

Supprimé

D:\M1\etude2chémar alexis breizou.exe

Infecté par: Trojan.VBS.TPI

D:\M1\etude2chémar alexis breizou.exe

Supprimé

D:\M1\I littérature économique et diversification.exe

Infecté par: Trojan.VBS.TPI

D:\M1\I littérature économique et diversification.exe

Supprimé

D:\M1\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

D:\M1\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

D:\M1\macle\cours premier semestre\Etude de marché.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\cours premier semestre\Etude de marché.exe

Supprimé

D:\M1\macle\cours premier semestre\etude2chémar alexis breizou.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\cours premier semestre\etude2chémar alexis breizou.exe

Supprimé

D:\M1\macle\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Supprimé

D:\M1\macle\cours premier semestre\problématique.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\cours premier semestre\problématique.exe

Supprimé

D:\M1\macle\cours premier semestre\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\cours premier semestre\Td mémoire.exe

Supprimé

D:\M1\macle\etude2chémar.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\etude2chémar.exe

Supprimé

D:\M1\macle\macro\Macroéconomie.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\macro\Macroéconomie.exe

Supprimé

D:\M1\macle\marché du vin.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macle\marché du vin.exe

Supprimé

D:\M1\macro\Macroéconomie.exe

Infecté par: Trojan.VBS.TPI

D:\M1\macro\Macroéconomie.exe

Supprimé

D:\M1\Note de Bibliographie - François Rigaux.exe

Infecté par: Trojan.VBS.TPI

D:\M1\Note de Bibliographie - François Rigaux.exe

Supprimé

D:\M1\problématique.exe

Infecté par: Trojan.VBS.TPI

D:\M1\problématique.exe

Supprimé

D:\M1\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

D:\M1\Td mémoire.exe

Supprimé

D:\M1\économie du travail avant dernière séance.exe

Infecté par: Trojan.VBS.TPI

D:\M1\économie du travail avant dernière séance.exe

Supprimé

D:\Mskernel32.vbs

Infecté par: VBS.Pica.Z

D:\Mskernel32.vbs

Echec de la désinfection

D:\Mskernel32.vbs

Supprimé

D:\mémoire éval.exe

Infecté par: Trojan.VBS.TPI

D:\mémoire éval.exe

Supprimé

D:\mémoire éval1.exe

Infecté par: Trojan.VBS.TPI

D:\mémoire éval1.exe

Supprimé

D:\mémoire évalcor.exe

Infecté par: Trojan.VBS.TPI

D:\mémoire évalcor.exe

Supprimé

D:\Préparez.exe

Infecté par: Trojan.VBS.TPI

D:\Préparez.exe

Sujet: Re: VBs:malware-gen Ven 9 Jan 2009 - 14:46

D:\Recuperation\cours le bas\cours economie des organisations théorie des ressources703803.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\cours le bas\cours economie des organisations théorie des ressources703803.exe

Supprimé

D:\Recuperation\cours le bas\La théorie évolutionniste de la firmeorganisation.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\cours le bas\La théorie évolutionniste de la firmeorganisation.exe

Supprimé

D:\Recuperation\DE la communication à l.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\DE la communication à l.exe

Supprimé

D:\Recuperation\economie des organisations théorie des ressources.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\economie des organisations théorie des ressources.exe

Supprimé

D:\Recuperation\economie des organisations théorie des ressources703.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\economie des organisations théorie des ressources703.exe

Supprimé

D:\Recuperation\Le caam représente deux cents personnes en Asie.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\Le caam représente deux cents personnes en Asie.exe

Supprimé

D:\Recuperation\mémoireAB.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\mémoireAB.exe

Supprimé

D:\Recuperation\Note de problématiques.exe

Infecté par: Trojan.VBS.TPI

D:\Recuperation\Note de problématiques.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\De quelle façon doit on diversifier son portefeuille d.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\De quelle façon doit on diversifier son portefeuille d.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\diversificationexpos¨¦.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\diversificationexpos¨¦.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Etude de marché.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Etude de marché.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\etude2chémar alexis breizou.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\etude2chémar alexis breizou.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\I littérature économique et diversification.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\I littérature économique et diversification.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\macro\Macroéconomie.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\macro\Macroéconomie.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Note de Bibliographie - François Rigaux.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Note de Bibliographie - François Rigaux.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\problématique.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\problématique.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\Td mémoire.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\économie du travail avant dernière séance.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd11\économie du travail avant dernière séance.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd12\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd12\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd12\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

D:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dd12\Td mémoire.exe

Supprimé

D:\~$moire éval.exe

Infecté par: Trojan.VBS.TPI

D:\~$moire éval.exe

Supprimé

D:\études_cas_Laslandes.exe

Infecté par: Trojan.VBS.TPI

D:\études_cas_Laslandes.exe

Supprimé

F:\cours premier semestre\De quelle façon doit on diversifier son portefeuille d.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\De quelle façon doit on diversifier son portefeuille d.exe

Supprimé

F:\cours premier semestre\diversificationexpos¨¦.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\diversificationexpos¨¦.exe

Supprimé

F:\cours premier semestre\Etude de marché.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\Etude de marché.exe

Supprimé

F:\cours premier semestre\etude2chémar alexis breizou.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\etude2chémar alexis breizou.exe

Supprimé

F:\cours premier semestre\I littérature économique et diversification.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\I littérature économique et diversification.exe

Supprimé

F:\cours premier semestre\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

F:\cours premier semestre\macro\Macroéconomie.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\macro\Macroéconomie.exe

Supprimé

F:\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Supprimé

F:\cours premier semestre\problématique.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\problématique.exe

Supprimé

F:\cours premier semestre\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\Td mémoire.exe

Supprimé

F:\cours premier semestre\économie du travail avant dernière séance.exe

Infecté par: Trojan.VBS.TPI

F:\cours premier semestre\économie du travail avant dernière séance.exe

Supprimé

F:\Definir la cohérence.exe

Infecté par: Trojan.VBS.TPI

F:\Definir la cohérence.exe

Supprimé

F:\diversificationexpos¨¦finalfin.exe

Infecté par: Trojan.VBS.TPI

F:\diversificationexpos¨¦finalfin.exe

Supprimé

F:\diversificationexpos¨¦suite.exe

Infecté par: Trojan.VBS.TPI

F:\diversificationexpos¨¦suite.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Bureau\ALEX DOSSIER\compta\CM numéro 2.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Bureau\ALEX DOSSIER\compta\CM numéro 2.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Bureau\ALEX DOSSIER\MICRO 3\S2 Pf optimal pour les actifs risqués.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Bureau\ALEX DOSSIER\MICRO 3\S2 Pf optimal pour les actifs risqués.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Bureau\apprendre excel\Leçons d'excel.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Bureau\apprendre excel\Leçons d'excel.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents professionnels\CV élégant alexandre bonhomme.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents professionnels\CV élégant alexandre bonhomme.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents professionnels\~$ élégant alexandre bonhomme.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents professionnels\~$ élégant alexandre bonhomme.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents uiversitaires\English sixième semestre.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Mes documents\mes documents uiversitaires\English sixième semestre.exe

Supprimé

F:\Documents and Settings\Alexandre bonhomme\Mes documents\Méthodologie.exe

Infecté par: Trojan.VBS.TPI

F:\Documents and Settings\Alexandre bonhomme\Mes documents\Méthodologie.exe

Supprimé

F:\etude de marche\Étude de marché2 .exe

Infecté par: Trojan.VBS.TPI

F:\etude de marche\Étude de marché2 .exe

Supprimé

F:\etude de marche\étudedemarchébrac.exe

Infecté par: Trojan.VBS.TPI

F:\etude de marche\étudedemarchébrac.exe

Supprimé

F:\Mskernel32.vbs

Infecté par: VBS.Pica.Z

F:\Mskernel32.vbs

Echec de la désinfection

F:\Mskernel32.vbs

Supprimé

F:\mémoire éval.exe

Infecté par: Trojan.VBS.TPI

F:\mémoire éval.exe

Supprimé

F:\mémoire éval1.exe

Infecté par: Trojan.VBS.TPI

F:\mémoire éval1.exe

Supprimé

F:\mémoire évalcor.exe

Infecté par: Trojan.VBS.TPI

F:\mémoire évalcor.exe

Supprimé

F:\Préparez.exe

Infecté par: Trojan.VBS.TPI

F:\Préparez.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\cours le bas\cours economie des organisations théorie des ressources703803.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\cours le bas\cours economie des organisations théorie des ressources703803.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\cours le bas\La théorie évolutionniste de la firmeorganisation.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\cours le bas\La théorie évolutionniste de la firmeorganisation.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\DE la communication à l.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\DE la communication à l.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\economie des organisations théorie des ressources.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\economie des organisations théorie des ressources.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\economie des organisations théorie des ressources703.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\economie des organisations théorie des ressources703.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\Le caam représente deux cents personnes en Asie.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\Le caam représente deux cents personnes en Asie.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\mémoireAB.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\mémoireAB.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\Note de problématiques.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg1\Note de problématiques.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg4\La théorie duale de la firme entre les transactions et les compétences.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg4\La théorie duale de la firme entre les transactions et les compétences.exe

Supprimé

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg4\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-343818398-1417001333-839522115-1003\Dg4\Td mémoire.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Etude de marché.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Etude de marché.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\etude2chémar alexis breizou.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\etude2chémar alexis breizou.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Note de Bibliographie - François Rigaux.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\problématique.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\problématique.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Td mémoire.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\cours premier semestre\Td mémoire.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\etude2chémar.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\etude2chémar.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\macro\Macroéconomie.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\macro\Macroéconomie.exe

Supprimé

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\marché du vin.exe

Infecté par: Trojan.VBS.TPI

F:\RECYCLER\S-1-5-21-3772028017-4244622243-1160242127-5576\De167\marché du vin.exe

Supprimé

F:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047403.vbs

Infecté par: VBS.Pica.Z

F:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047403.vbs

Echec de la désinfection

F:\System Volume Information\_restore{9BCA70B3-402A-43B6-935A-4755D93C6BA0}\RP48\A0047403.vbs

Supprimé

F:\~$moire éval.exe

Infecté par: Trojan.VBS.TPI

F:\~$moire éval.exe

Supprimé

F:\études_cas_Laslandes.exe

Infecté par: Trojan.VBS.TPI

F:\études_cas_Laslandes.exe

Supprimé

Sujet: Re: VBs:malware-gen Ven 9 Jan 2009 - 23:51

salut
remet un hijackthis stp

Sujet: Re: VBs:malware-gen Sam 10 Jan 2009 - 11:07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:43, on 10/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\alexb\Desktop\Logiciels de désinfection\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O4 - HKLM\..\Run: [MS32TMP] C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [boottmp] wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Mskernel32.vbs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7688 bytes

Sujet: Re: VBs:malware-gen Sam 10 Jan 2009 - 12:02

Ouille ouille j'avais pas vu d'infections comme ça depuis longtemps!

Des virus qui reviennent sans cesse.

Bon ok, on va faire un sacré coup de ménage dans ce bazar.

En 1, tu vas me télécharger le trial de Kaspersky Total Security [clique ici pour télécharger le trial]

En 2, tu vas me faire un scan approfondi avec Kaspersky.
Si il y a des virus de trouvés, tu les mets en quarantaine et ensuite et seulement ensuite tu les détruis.

Ensuite tu vas télécharger: Avira, Zone Alarm Free et Spybot MAIS TU NE LES INSTALLERA PAS.

Une fois le trial de Kaspersky terminé, tu désinstalles Kaspersky et tu installes Avira, Zone Alarm Free et Spybot.

Sujet: Re: VBs:malware-gen Sam 10 Jan 2009 - 18:55

Biitche a écrit:: Ouille ouille j'avais pas vu d'infections comme ça depuis longtemps!

Des virus qui reviennent sans cesse.

Bon ok, on va faire un sacré coup de ménage dans ce bazar.

En 1, tu vas me télécharger le trial de Kaspersky Total Security [clique ici pour télécharger le trial]

En 2, tu vas me faire un scan approfondi avec Kaspersky.
Si il y a des virus de trouvés, tu les mets en quarantaine et ensuite et seulement ensuite tu les détruis.

Ensuite tu vas télécharger: Avira, Zone Alarm Free et Spybot MAIS TU NE LES INSTALLERA PAS.

Une fois le trial de Kaspersky terminé, tu désinstalles Kaspersky et tu installes Avira, Zone Alarm Free et Spybot.

Bonjour Biitche
ce membre est entre les mains d'un helper qui vérifie et suit une procédure particulière merci de le laisser terminer.
De plus c'est inutile de faire installer une version trial de kaspersky alors qu'il existe un antivirus en ligne et que tu supposes l'installation d'antivir.

alexb >> n'installe rien sans que Arcatarus et Bibou ne te le demandent eux même.

Sujet: Re: VBs:malware-gen Sam 10 Jan 2009 - 19:47

Parce que un scan en ligne vaut l'analyse d'un anti-virus installé sur sa bécane...

Justement non.
Windows bloque certaines accessibilités pour des raisons strictes de sécurité et lors de ce blocage il ne prévient pas (system32, system, rescache notamment, là où les virus sont fréquents).

Ensuite, je m'excuse, je ne savais pas qu'il était encadré Embarassed

Sujet: Re: VBs:malware-gen Lun 12 Jan 2009 - 21:38

hELLO,

Mon ordi est toujours infesté....
Une solution??

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 7:52

Oui

Télécharges AD-Remover sur ton bureau :

/!\ Déconnectes toi et fermes toutes applications en cours

Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Double clique sur l'icône Ad-remover située sur ton bureau
Au menu principal choisi l'option "A"
Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 9:13

------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

# START AT: 9:09:38 | Tue 13/01/2009 | Microsoft

Windows XP

SP2 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ALEX | USER: alexb ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 54

+--------------------| Boonty/Boonty Games Elements found :

.
.

+--------------------| Eorezo Elements found :

Process: "EoEngine.exe" [PID:~232]
.
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoTools_26.dll
C:\Program Files\EoRezo\EoRezoTools_27.dll
C:\Program Files\EoRezo\EoRezoTools_28.dll
C:\Program Files\EoRezo\EoRezoTools_29.dll
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\lang
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
C:\Program Files\EoRezo\EoAdv\atl90.dll
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\mfc90.dll
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest
C:\Program Files\EoRezo\EoAdv\msvcr90.dll
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Documents and Settings\alexb\Application Data\EoRezo
C:\Documents and Settings\alexb\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\ConfMedia.cyp.old
C:\Documents and Settings\alexb\Application Data\EoRezo\db
C:\Documents and Settings\alexb\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\alexb\Application Data\EoRezo\eoStats
C:\Documents and Settings\alexb\Application Data\EoRezo\host.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate
C:\Documents and Settings\alexb\Application Data\EoRezo\user.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\alexb\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\alexb\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\alexb\Application Data\EoRezo\eoStats\eoStats.txt
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\unins000.dat
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\unins000.exe
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf
C:\Documents and Settings\alexb\Cookies\alexb@eorezo[1].txt

+--------------------| Everest Casino/Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\n8wd30cg.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Startup HomePage: "http://www.hotmail.com/"

.

+---------------------------------------------------------------------------+

~~~~ Internet Explorer version 6.0.2900.2180 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+---------------------------------------------------------------------------+

[~6136 bytes] - "C:\AD-report-Scan-13.01.2009.log"

# END at: 9:10:57 | 13/01/2009 - Time elapsed: 78.9 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 126 lines ]
+---------------------------------------------------------------------------+

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 9:22

Nettoyage AD-Remover :

! Déconnectes toi et fermes toutes applications en cours !

Relances "Ad-remover" : au menu principal choisi l'option "B" .

Coche à l'écran de sélèction :

Puis choisi "S" , le programme va travailler,

Postes le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)

RSIT
Télécharge random's system information tool (RSIT) par random/random et sauvegarde le sur ton Bureau

RSIT.exe

Continue

log.txt et info.txt (c:\rsit)

Note : un rapport hijackthis est contenu dans le rapport log.txt

Si tes rapports sont trop long utilise ce site : http://www.miraclesalad.com/webtools/clip.php
Copie/coller ton rapport et clique sur le lien IP ADRESS (Please type in your IP address to Paste into the clipboard) copie coller ton IP dans la zone adéquate puis clique sur le bouton Paste to new clipboard
Donne le lien dans ta prochaine réponse.
Il est de type : http://www.miraclesalad.com/webtools/clip.php?clip=XXXX ou xxxx est un numéro.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 10:26

------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Eorezo

******************

# START AT: 10:13:54 | Tue 13/01/2009 | Microsoft

Windows XP

SP2 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: ALEX | USER: alexb ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 55

(!) ---- IE start pages reset

+--------------------| Eorezo Elements Deleted :

Process: "EoEngine.exe" [PID:~232]
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
/!\ NOT DELETED - HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
.
C:\Program Files\EoRezo
/!\ NOT DELETED - C:\Documents and Settings\alexb\Application Data\EoRezo
/!\ NOT DELETED - C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate
/!\ NOT DELETED - C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\Prefetch\EOENGINE.EXE-020B3EA2.pf
C:\Documents and Settings\alexb\Cookies\alexb@eorezo[1].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

************* /!\ Registry Element(s) Not Deleted /!\ *************

"HKCU\SOFTWARE\EoRezo"

Second run ...

DELETED ! - ""HKCU\SOFTWARE\EoRezo""

************* /!\ File(s)/Folder(s) Not Deleted /!\ *************

"C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate"
"C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"

Second run ...

/!\ RESIST ! - "C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate"
/!\ RESIST ! - "C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe"

+--------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\n8wd30cg.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Startup HomePage: "http://www.hotmail.com/"

.

+---------------------------------------------------------------------------+

~~~~ Internet Explorer version 6.0.2900.2180 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~3152 bytes] - "C:\AD-report-Clean-13.01.2009.log"
[~6471 bytes] - "C:\AD-report-Scan-13.01.2009.log"

# END at: 10:16:05 | 13/01/2009 - Time elapsed: 2 minutes, 11 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 63 lines ]
+---------------------------------------------------------------------------+

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 10:31

info.txt logfile of random's system information tool 1.05 2009-01-13 10:29:42

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Defenza-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B3AA536-2193-4D9B-812A-DE45C4D57AD1}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\alexb\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Skype

3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftwareUpdate 1.0-->"C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090112-0] (disabled)

System event log

Computer Name: ALEX
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 11966
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 11965
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALEX
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 11964
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.

Record Number: 11963
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User: ALEX\alexb

Computer Name: ALEX
Event Code: 6005
Message: The Event log service was started.

Record Number: 11962
Source Name: EventLog
Time Written: 20090105221310.000000+480
Event Type: information
User:

Application event log

Computer Name: ALEX
Event Code: 2003
Message:
Record Number: 458
Source Name: EAPOL
Time Written: 20090105084418.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 457
Source Name: SecurityCenter
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 456
Source Name: RegSrvc
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 455
Source Name: OwnershipProtocol
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 454
Source Name: EvtEng
Time Written: 20090105084403.000000+480
Event Type: information
User:

Security event log

Computer Name: ALEX
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 5654
Source Name: Security
Time Written: 20090107142620.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: RASMAN

Record Number: 5653
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: ALEX
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 5652
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 5651
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 806
Message: Per User Audit Policy was refreshed.

Number of elements: 0

Policy ID: (0x0,0x1614C)

Record Number: 5650
Source Name: Security
Time Written: 20090107142617.000000+480
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 10:36

http://www.miraclesalad.com/webtools/clip.php?clip=2ddb

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 10:54

Connais tu ce logiciel : Defenza ? que fait il ?
Si non

Désinstalle ce programme : Defenza via le panneau de configuration/ajout supression de programme

tu as des clés usb ? si oui tu as une infection par support amovible et elle doivent être toutes décontaminés

Telecharge UsbFix sur ton bureau

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci UsbFix sur ton bureau

--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

poste un nouveau rapport RSIT avec

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 11:25

-------------- UsbFix V2.414 ---------------

* User : alexb - ALEX
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 11:13:34 le 13/01/2009
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

--------------- [ Informations lecteurs ] ----------------

C: - Fixed Drive

D: - Fixed Drive

F: - Fixed Drive

+- Contenu de l'autorun : C:\autorun.inf

[autorun]
shellexecute=wscript.exe Mskernel32.vbs

+- Contenu de l'autorun : D:\autorun.inf

[autorun]
shellexecute=wscript.exe Mskernel32.vbs

+- Contenu de l'autorun : F:\autorun.inf

[autorun]
shellexecute=wscript.exe Mskernel32.vbs

--------------- [ Lecteur C ] ----------------

C: - Fixed Drive

+- Listing des fichiers présents :

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[09/01/2009 11:25][-rahs----] C:\Mskernel32.vbs
[12/11/2008 12:47][---hs----] C:\boot.ini
[13/01/2009 10:59][-rahs----] C:\autorun.inf
[07/01/2009 21:44][--a------] C:\rapport.txt
[07/01/2009 21:44][--a------] C:\UsbFix.txt
[12/11/2008 13:04][--a------] C:\CONFIG.SYS
[12/11/2008 13:04][--a------] C:\hiberfil.sys
[12/11/2008 13:04][--a------] C:\IO.SYS
[12/11/2008 13:04][--a------] C:\MSDOS.SYS
[12/11/2008 13:04][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Fixed Drive

+- Listing des fichiers présents :

[09/01/2009 11:56][-rahs----] D:\Mskernel32.vbs
[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe
[13/01/2009 11:07][-rahs----] D:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Fixed Drive

+- Listing des fichiers présents :

[13/01/2009 11:07][--a--c---] F:\Mskernel32.vbs
[13/01/2009 11:07][--a--c---] F:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MS32TMP=C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
winboot=wscript.exe /E:vbs C:\WINDOWS\boot.ini
boottmp=wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
EPM-DM=c:\acer\epm\epm-dm.exe
ePowerManagement=C:\Acer\ePM\ePM.exe boot
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
IntelWireless=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
EOUApp=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
MS32DLL=C:\WINDOWS\Mskernel32.vbs
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SoftwareHelper=C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0af59474-d191-11dd-b5a4-0013ceeb483b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85a9170e-c41c-11dd-b592-0013ceeb483b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87afec12-cf48-11dd-b5a2-0013ceeb483b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92aa7dca-b4af-11dd-b57d-0016365cf65d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbd379a6-b075-11dd-b57c-0016365cf65d}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2c4b0de-b4ba-11dd-b57e-0013ceeb483b}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [13/01/2009 10:59][-rahs----] C:\WINDOWS\boot.ini
Supprimé ! - [18/08/2008 11:19][--a------] C:\WINDOWS\system32\404Fix.exe
Supprimé ! - [12/12/2008 00:57][--a------] C:\WINDOWS\system32\Agent.OMZ.Fix.exe
Supprimé ! - [31/07/2004 17:50][--a------] C:\WINDOWS\system32\dumphive.exe
Supprimé ! - [18/05/2008 20:40][--a------] C:\WINDOWS\system32\IEDFix.exe
Supprimé ! - [29/11/2008 17:58][--a------] C:\WINDOWS\system32\IEDFix.C.exe
Supprimé ! - [20/09/2008 11:45][--a------] C:\WINDOWS\system32\o4Patch.exe
Supprimé ! - [05/06/2003 20:13][--a------] C:\WINDOWS\system32\Process.exe
Supprimé ! - [27/04/2006 16:49][--a------] C:\WINDOWS\system32\SrchSTS.exe
Supprimé ! - [29/08/2006 18:43][--a------] C:\WINDOWS\system32\swreg.exe
Supprimé ! - [09/01/2006 09:36][--a------] C:\WINDOWS\system32\swsc.exe
Supprimé ! - [01/12/2006 05:20][--a------] C:\WINDOWS\system32\swxcacls.exe
Supprimé ! - [07/01/2009 21:43][--a------] C:\WINDOWS\system32\tmp.reg
Supprimé ! - [01/10/2008 14:51][--a------] C:\WINDOWS\system32\VACFix.exe
Supprimé ! - [05/09/2007 23:22][--a------] C:\WINDOWS\system32\VCCLSID.exe
Supprimé ! - [03/10/2007 23:36][--a------] C:\WINDOWS\system32\WS2Fix.exe
Supprimé ! - [09/01/2009 11:25][-rahs----] C:\MSKernel32.vbs
Supprimé ! - [13/01/2009 10:59][-rahs----] C:\autorun.inf
Supprimé ! - [09/01/2009 11:56][-rahs----] D:\MSKernel32.vbs
Supprimé ! - [13/01/2009 11:07][-rahs----] D:\autorun.inf
Supprimé ! - [13/01/2009 11:07][--a--c---] F:\MSKernel32.vbs
Supprimé ! - [13/01/2009 11:07][--a--c---] F:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[12/11/2008 12:47][---hs----] C:\boot.ini
[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 11:41

dEFENZA EST UN anti spyware que j ai téléchargé recemment. Je l'ai enlevé....
Avast ne détecte plus mon virus autorun....Il me semble que c'est bon signe.
En revanche j'ai relancé un scan spyware doctor et il detecte un quarantaine de virus dont un trojan. Je ne peuxpas les virer car pour cela, il faut que j'achète la licence.
Voici un nouveau hijack. Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:09, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alexb\Desktop\Logiciels de désinfection\HiJackThis\alexb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [MS32TMP] C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [boottmp] wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Mskernel32.vbs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7625 bytes

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 11:46

voici la description du trojan sur spyware doctor:

Spyware Research > Infections > Trojan-PWS.Bancos

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.
Nom: Trojan-PWS.Bancos
Niveau de risque : High
Description: Trojan.PWSteal.Bancos is a trojan that monitors and steals cached passwords that are stored by Microsoft Outlook. It also collects your financial information as you log on to certain predefined banking web sites.
Type: TT_Keylogger, TT_Trojan
Also known as: PWSteal.Bancos [Sophos] PWS-Banker.f [McAfee] TROJ_BANKER.EY [
Removal: This infection can be removed using Spyware Doctor.

At least one or more of the following fields may be indicated:

* Name: the name of the specific infection, as presented in the database.
* Also known as: other names by which this infection may be known.
* Type: the category to which the infection belongs. Refer to the Glossary for further details on infection types.
* Variant: the family of infections to which this infection belongs.
* By: the vendor of this infection.
* Threat: the threat level assigned to this infection.
* Description: a more detailed description of the infection. If the information is available, technical aspects and symptoms of this infection are described here.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 12:07

Désinstaller spyware doctor inefficace si tu dois acheter la licence.

ouvre hijackthis coche ces cases :
O4 - HKLM\..\Run: [MS32TMP] C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
O4 - HKLM\..\Run: [boottmp] wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Mskernel32.vbs
fermes toute tes fenetres y compris ton navigateur
clique sur le bouton fix checked

reboot ton PC.

POSTE MOI LE RAPPORT RSIT réalisé avec l'outil qu'il faut le rapport hijackthis n'est pas suffisant.

télécharge MalwareByte's Anti-Malware et installe le.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Assure toi qu'il se soit bien mis à jour avant de passer à la suite.

- Redémarre en mode sans échec :

o Redémarre ton ordinateur
o Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
o A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
o Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
o Choisis ton compte.

* Lance MBAM et sélectionne "Exécuter un examen complet". Patiente le temps du scan.

* Une fois le scan terminé,clique sur "Supprimer la sélection".

Si MBAM a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok. Enregistre le rapport sur ton Bureau lorsqu'il s'affichera.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 13:28

Un autre probleme.
Lors de la derniere operation, seul mon disque dur externe a ete traité et pas ma cle USB qui est infeste selon avast
J ai donc recommencer la manipulation avec usb fix: Voici le rapport:

-------------- UsbFix V2.414 ---------------

* User : alexb - ALEX
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 13:17:38 le 13/01/2009
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Informations lecteurs ] ----------------

C: - Fixed Drive

D: - Fixed Drive

H: - Removable Drive

+- Contenu de l'autorun : C:\autorun.inf

+- Contenu de l'autorun : D:\autorun.inf

+- Contenu de l'autorun : H:\autorun.inf

[autorun]
shellexecute=wscript.exe Mskernel32.vbs

--------------- [ Lecteur C ] ----------------

C: - Fixed Drive

+- Listing des fichiers présents :

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[13/01/2009 13:14][-rahs----] C:\Mskernel32.vbs
[12/11/2008 12:47][---hs----] C:\boot.ini
[13/01/2009 13:14][d--h-----] C:\autorun.inf
[07/01/2009 21:44][--a------] C:\rapport.txt
[07/01/2009 21:44][--a------] C:\UsbFix.txt
[12/11/2008 13:04][--a------] C:\CONFIG.SYS
[12/11/2008 13:04][--a------] C:\hiberfil.sys
[12/11/2008 13:04][--a------] C:\IO.SYS
[12/11/2008 13:04][--a------] C:\MSDOS.SYS
[12/11/2008 13:04][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Fixed Drive

+- Listing des fichiers présents :

[13/01/2009 13:14][-rahs----] D:\Mskernel32.vbs
[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe
[13/01/2009 13:14][d--h-----] D:\autorun.inf

--------------- [ Lecteur H ] ----------------

H: - Removable Drive

+- Listing des fichiers présents :

[13/01/2009 12:19][-rahs----] H:\Mskernel32.vbs
[13/01/2009 13:15][-rahs----] H:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MS32TMP=C:\DOCUME~1\alexb\LOCALS~1\Temp\Mskernel32.vbs
winboot=wscript.exe /E:vbs C:\WINDOWS\boot.ini
boottmp=wscript.exe /E:vbs C:\DOCUME~1\alexb\LOCALS~1\Temp\boot.ini
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
EPM-DM=c:\acer\epm\epm-dm.exe
ePowerManagement=C:\Acer\ePM\ePM.exe boot
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
IntelWireless=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
EOUApp=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
MS32DLL=C:\WINDOWS\Mskernel32.vbs
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SoftwareHelper=C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [13/01/2009 13:15][-rahs----] C:\WINDOWS\boot.ini
Supprimé ! - [13/01/2009 13:14][-rahs----] C:\MSKernel32.vbs
Echec de la supression !! - [13/01/2009 13:18] C:\autorun.inf
Supprimé ! - [13/01/2009 13:18][d--------] C:\autorun.inf
Supprimé ! - [13/01/2009 13:14][-rahs----] D:\MSKernel32.vbs
Echec de la supression !! - [13/01/2009 13:18] D:\autorun.inf
Supprimé ! - [13/01/2009 13:18][d--------] D:\autorun.inf
Supprimé ! - [13/01/2009 12:19][-rahs----] H:\MSKernel32.vbs
Supprimé ! - [13/01/2009 13:15][-rahs----] H:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[12/11/2008 12:47][---hs----] C:\boot.ini
[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 14:37

connais tu ses fichiers :

Citation :: [07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe

car ils sont perçus par usbfix et bitdefender en ligne comme infectés.

execute hijackthis + malawarebyte comme demandé

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 19:03

A la base, ces fichiers étaient des documents word. Je ne comprends pas pourquoi ils se sont transformés en fichiers exécutables. Bref, ils n'ont plus aucune importance.
Ma clé USB n'a plus l'air d'être infecté.
Voici les deux rapports.
Merci

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

13/01/2009 18:53:33
mbam-log-2009-01-13 (18-53-33).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 93252
Time elapsed: 4 hour(s), 55 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS32DLL (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS32TMP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winboot (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\boottmp (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Mskernel32.vbs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\alexb\Local Settings\Temp\Mskernel32.vbs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\boot.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\alexb\Local Settings\Temp\boot.ini (Trojan.Agent) -> Quarantined and deleted successfully.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 19:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:45, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\alexb\Desktop\Logiciels de désinfection\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 4871 bytes

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 19:07

rapport insuffisant

merci de

RSIT
Télécharge random's system information tool (RSIT) par random/random et sauvegarde le sur ton Bureau

RSIT.exe

Continue

log.txt et info.txt (c:\rsit)

Note : un rapport hijackthis est contenu dans le rapport log.txt

Si tes rapports sont trop long utilise ce site : http://www.miraclesalad.com/webtools/clip.php
Copie/coller ton rapport et clique sur le lien IP ADRESSE copie coller ton IP dans la zone adéquate puis clique sur le bouton Paste to new clipboard
Donne le lien dans ta prochaine réponse.
Il est de type : http://www.miraclesalad.com/webtools/clip.php?clip=XXXX ou xxxx est un numéro.

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 19:30

info.txt logfile of random's system information tool 1.05 2009-01-13 10:29:42

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Defenza-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B3AA536-2193-4D9B-812A-DE45C4D57AD1}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\alexb\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Skype

3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftwareUpdate 1.0-->"C:\Documents and Settings\alexb\Application Data\eoRezo\SoftwareUpdate\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090112-0] (disabled)

System event log

Computer Name: ALEX
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 11966
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 11965
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALEX
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 11964
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.

Record Number: 11963
Source Name: Service Control Manager
Time Written: 20090105221330.000000+480
Event Type: information
User: ALEX\alexb

Computer Name: ALEX
Event Code: 6005
Message: The Event log service was started.

Record Number: 11962
Source Name: EventLog
Time Written: 20090105221310.000000+480
Event Type: information
User:

Application event log

Computer Name: ALEX
Event Code: 2003
Message:
Record Number: 458
Source Name: EAPOL
Time Written: 20090105084418.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 457
Source Name: SecurityCenter
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 456
Source Name: RegSrvc
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 455
Source Name: OwnershipProtocol
Time Written: 20090105084406.000000+480
Event Type: information
User:

Computer Name: ALEX
Event Code: 0
Message:
Record Number: 454
Source Name: EvtEng
Time Written: 20090105084403.000000+480
Event Type: information
User:

Security event log

Computer Name: ALEX
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 5654
Source Name: Security
Time Written: 20090107142620.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: RASMAN

Record Number: 5653
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: ALEX
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 5652
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 5651
Source Name: Security
Time Written: 20090107142619.000000+480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: ALEX
Event Code: 806
Message: Per User Audit Policy was refreshed.

Number of elements: 0

Policy ID: (0x0,0x1614C)

Record Number: 5650
Source Name: Security
Time Written: 20090107142617.000000+480
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 19:32

http://www.miraclesalad.com/webtools/clip.php?clip=2ddd

Sujet: Re: VBs:malware-gen Mar 13 Jan 2009 - 20:43

cle usb toujours infectée

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 7:35

las tu rebranché apres le passage de usbfix ?

Désactive L'antivirus et antispyware....

VBs:malware-gen Otmove10

OTmoveIT3 !

Télécharge OTMoveIt de OldTimer.

Aide : http://www.bibou0007.com/outils-specifiques-f78/tutorial-otmoveit-t387.htm
Sauvegarde le sur ton Bureau.
Double-Clique sur OTMoveIt3.exe pour le lancer.
Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :

Citation :: :processes
explorer.exe

:files
C:\Mskernel32.vbs
C:\Documents and Settings\alexb\Application Data\EoRezo

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}]

:commands
[purity]
[emptytemp]
[start explorer]

Retourne dans OTMoveit3, fais un clique-droit dans la fenêtre "Paste instructions for items to move" et choisis Coller.
Clique sur le bouton rouge Moveit!.
Ferme OTMoveIt.

Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.

Poste le rapport de OTMoveIT3 dispo ici : C:\_OTMoveIt\MovedFiles

relance usbfix une nouvelle fois poste le rapport accompagne tous ses rapports avec un nouveau rapport RSIT

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 8:48

En fait ca à l'air d'être ok.
Mon antivirus ne détecte plus rien.
Merci bcp

Alex

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 8:52

la désinfection n'est pas terminé merci de continuer des fichiers sont encore présent.

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 15:21

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Mskernel32.vbs moved successfully.
C:\Documents and Settings\alexb\Application Data\EoRezo\SoftwareUpdate moved successfully.
C:\Documents and Settings\alexb\Application Data\EoRezo moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87afec13-cf48-11dd-b5a2-0013ceeb483b}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\alexb\LOCALS~1\Temp\etilqs_Z8dLSRI7fEQ4NUP3zWch scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alexb\LOCALS~1\Temp\~DF5C6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_714.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_150834

Files moved on Reboot...
File C:\DOCUME~1\alexb\LOCALS~1\Temp\etilqs_Z8dLSRI7fEQ4NUP3zWch not found!
C:\DOCUME~1\alexb\LOCALS~1\Temp\~DF5C6.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_714.dat moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\alexb\Local Settings\Application Data\Mozilla\Firefox\Profiles\n8wd30cg.default\XUL.mfl moved successfully.

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 15:36

-------------- UsbFix V2.414 ---------------

* User : alexb - ALEX
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:30:54 le 14/01/2009
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe

--------------- [ Informations lecteurs ] ----------------

C: - Fixed Drive

D: - Fixed Drive

F: - Fixed Drive

H: - Removable Drive

+- Contenu de l'autorun : C:\autorun.inf

+- Contenu de l'autorun : D:\autorun.inf

+- Contenu de l'autorun : F:\autorun.inf

+- Contenu de l'autorun : H:\autorun.inf

--------------- [ Lecteur C ] ----------------

C: - Fixed Drive

+- Listing des fichiers présents :

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[12/11/2008 12:47][---hs----] C:\boot.ini
[14/01/2009 15:17][d--h-----] C:\autorun.inf
[14/01/2009 15:30][--a------] C:\UsbFix.txt
[12/11/2008 13:04][--a------] C:\CONFIG.SYS
[12/11/2008 13:04][--a------] C:\hiberfil.sys
[12/11/2008 13:04][--a------] C:\IO.SYS
[12/11/2008 13:04][--a------] C:\MSDOS.SYS
[12/11/2008 13:04][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Fixed Drive

+- Listing des fichiers présents :

[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe
[14/01/2009 15:17][d--h-----] D:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Fixed Drive

+- Listing des fichiers présents :

[14/01/2009 15:17][d--h-c---] F:\autorun.inf

--------------- [ Lecteur H ] ----------------

H: - Removable Drive

+- Listing des fichiers présents :

[14/01/2009 15:17][d--h-----] H:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://search.live.com"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
EPM-DM=c:\acer\epm\epm-dm.exe
ePowerManagement=C:\Acer\ePM\ePM.exe boot
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
IntelWireless=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
EOUApp=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PDFHook=C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
PDF5 Registry Controller=C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [14/01/2009 15:31] C:\autorun.inf
Supprimé ! - [14/01/2009 15:31][d--------] C:\autorun.inf
Echec de la supression !! - [14/01/2009 15:31] D:\autorun.inf
Supprimé ! - [14/01/2009 15:31][d--------] D:\autorun.inf
Echec de la supression !! - [14/01/2009 15:31] F:\autorun.inf
Supprimé ! - [14/01/2009 15:31][d----c---] F:\autorun.inf
Echec de la supression !! - [14/01/2009 15:17] H:\autorun.inf
Supprimé ! - [14/01/2009 15:17][d--------] H:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[12/11/2008 13:04][--a------] C:\AUTOEXEC.BAT
[28/02/2006 20:00][-rahs----] C:\NTDETECT.COM
[12/11/2008 12:47][---hs----] C:\boot.ini
[07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 15:46

http://www.miraclesalad.com/webtools/clip.php?clip=2de0

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 16:13

supprime ses fichiers sur ton d:

Citation :: [07/01/2009 15:21][--ah-----] D:\Definir la coh‚rence.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýfinalfin.exe
[07/01/2009 15:21][--ah-----] D:\diversificationexpos"Ýsuite.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚val1.exe
[07/01/2009 15:21][--ah-----] D:\m‚moire ‚valcor.exe
[07/01/2009 15:21][--ah-----] D:\Pr‚parez.exe
[07/01/2009 15:21][--ah-----] D:\~$moire ‚val.exe
[07/01/2009 15:21][--ah-----] D:\‚tudes_cas_Laslandes.exe

ensuite pour finir

Kaspersky Online

Pour effectuer les scans, désactive ton antivirus, logiciels de protections et logiciels pouvant bloquer les popups (barres Google, barres Yahoo etc..).

Scan en ligne avec Kaspersky :
- Fais un Scan en ligne sur Kaspersky en utilisant Internet Explorer et pas firefox, ça ne marchera pas!.
- Si tu es perdu, tu peux suivre cette aide pour les scans en ligne
- Scan le poste de travail
- Copie/colle le rapport du scan ici

Note : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", vas dans Ajout/Suppression de programmes et désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

Sujet: Re: VBs:malware-gen Mer 14 Jan 2009 - 22:34

http://www.miraclesalad.com/webtools/clip.php?clip=2de1

» Suppression d'un malware à partir dEmisoft Anti Malware
» Un anti-malware offert : Ashampoo Anti-Malware
» Malware
» Malwarebytes Anti-Malware
» [Fermé] Malware sur Hotmail