Bat.28

avalanch (Member)
Hello,
I am infected by a virus called bat.28 and I don't know what to do.
Configuration: Windows Vista
Firefox 3.0.7

2 replies

  1. Lyonnais92 (Security contributor)

    Hello,

    What detected it?

    In which file?

    ==================
    Download here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random, and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

    If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the licence.

    When the scan is finished, two text files will open.

    Post the contents of log.txt (<<which will be displayed).

    NB: The reports are saved in the folder C:\rsit
    1. avalanch (Member)

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2009-03-30 23:28:46
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 5 GB (19%) free of 29 GB
      Total RAM: 510 MB (31% free)

      HijackThis download failed

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\1-Click Maintenance.job
      C:\WINDOWS\tasks\HPpromotions journeysoftware.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
      &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
      HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
      BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
      free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
      SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
      HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]
      {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
      {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
      "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
      "PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
      "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
      "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
      "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
      "L07FXLRD_6453218"=C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE [2006-06-13 351000]
      "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
      "cbvcs"=C:\WINDOWS\system32\urretnd.exe [2009-02-17 106775]
      "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-03-17 203416]

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

      C:\Documents and Settings\Administrateur.GODSON-90082EB3\Menu Démarrer\Programmes\Démarrage
      Raccourci vers LE LAST EN GHANEEN.lnk - C:\Documents and Settings\Administrateur.GODSON-90082EB3\Bureau\mp3 alpha\LE LAST EN GHANEEN.wma

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
      C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe:*:Enabled:Windows Application Service"
      "C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe:*:Enabled:Windows Application Service"
      "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
      "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
      "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
      "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
      "C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
      shell\AutoRun\command - C:\28.bat
      shell\open\command - C:\28.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e2-5fd6-11dd-b834-84276ed1a8ce}]
      shell\AutoRun\command - E:\nby.bat
      shell\explore\command - E:\nby.bat
      shell\open\command - E:\nby.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e3-5fd6-11dd-b834-84276ed1a8ce}]
      shell\AutoRun\command - nby.bat
      shell\explore\command - nby.bat
      shell\open\command - nby.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200f0402-3caf-11dd-b7e3-edde9b83d5ce}]
      shell\AutoRun\command - E:\n1deiect.com
      shell\explore\command - E:\n1deiect.com
      shell\open\command - E:\n1deiect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2028465c-0e7c-11de-b961-84c688c030ce}]
      shell\AutoRun\command - E:\28.bat
      shell\open\command - E:\28.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23bea595-c9ff-11dc-b6dd-0007e9c50d12}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bceef50-0888-11de-b954-aa7d4836edce}]
      shell\AutoRun\command - E:\uvsqfgwd.cmd
      shell\open\command - E:\uvsqfgwd.cmd

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376c3b1a-49ee-11dc-8c3a-0007e9c50d12}]
      shell\AutoRun\command - E:\2ifetri.cmd
      shell\explore\command - E:\2ifetri.cmd
      shell\open\command - E:\2ifetri.cmd

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46abf483-5bdf-11dc-b5e2-b5696fcf11c8}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4954a25d-6693-11dc-b5ee-80e8eb56c6cf}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{506a4886-bc40-11dc-b6bf-0007e9c50d12}]
      shell\Auto\command - wscript "Sex City.jpg.wsf"
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e15dc6e-f670-11dc-b75b-0007e9c50d12}]
      shell\AutoRun\command - E:\n1deiect.com
      shell\explore\command - E:\n1deiect.com
      shell\open\command - E:\n1deiect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b7735e8-de30-11dd-b90e-8bfded5b28cd}]
      shell\AutoRun\command - 28.bat
      shell\open\command - 28.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9b995a-33d0-11dc-8bde-0007e9c50d12}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1eee5fa-5aff-11dc-b5dd-a7b370aad0cf}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3785462-ceb0-11dc-b6e6-0007e9c50d12}]
      shell\AutoRun\command - ntdelect.com
      shell\explore\command - E:\utdetect.com
      shell\open\command - E:\utdetect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb31cfa9-9079-11dc-b666-0007e9c50d12}]
      shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9082913-ebd3-11db-9ca2-806d6172696f}]
      shell\AutoRun\command - C:\28.bat
      shell\open\command - C:\28.bat


      ======File associations======

      .js - open -
      .txt - open -

      ======List of files/folders created in the last 1 months======

      2009-03-30 23:28:47 ----D---- C:\Program Files\trend micro
      2009-03-30 23:28:46 ----D---- C:\rsit
      2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\uxtuneup.dll
      2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\TUProgSt.exe
      2009-03-24 01:39:20 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
      2009-03-24 01:39:16 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\TuneUp Software
      2009-03-24 01:38:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
      2009-03-24 01:38:31 ----D---- C:\Program Files\TuneUp Utilities 2009
      2009-03-24 01:38:09 ----SHD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
      2009-03-22 19:54:12 ----RSH---- C:\28.bat
      2009-03-22 19:49:24 ----A---- C:\WINDOWS\ntbtlog.txt
      2009-03-22 19:36:37 ----D---- C:\Program Files\Conduit
      2009-03-22 19:36:35 ----D---- C:\Program Files\free-downloads.net
      2009-03-22 19:36:22 ----D---- C:\Program Files\Alcohol Soft
      2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Pro
      2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools
      2009-03-22 19:32:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
      2009-03-22 01:00:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Lite
      2009-03-22 00:48:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2009-03-22 00:48:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Yahoo!
      2009-03-22 00:47:56 ----D---- C:\Program Files\Yahoo!
      2009-03-17 14:01:36 ----RSH---- C:\WINDOWS\system32\optyhww1.dll
      2009-03-17 12:43:20 ----A---- C:\WINDOWS\mdm.ini
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WPWIZDLL.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WEBPOST.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\POSTWPP.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\PIPARSE.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FTPWPP.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FPWPP.DLL
      2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\CRSWPP.DLL
      2009-03-17 12:41:15 ----D---- C:\Program Files\Publication Web
      2009-03-17 12:35:40 ----RHD---- C:\~MSSETUP.T
      2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\urretnd.exe
      2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\optyhww0.dll
      2009-03-07 22:55:16 ----D---- C:\My Installations
      2009-03-07 22:54:13 ----A---- C:\WINDOWS\system32\hha.dll
      2009-03-07 22:53:58 ----D---- C:\Program Files\HTML Help Workshop
      2009-03-07 22:53:23 ----A---- C:\WINDOWS\system32\RAOCX32.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\rarv1032.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32sipr.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32rv10.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32dnet.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32clv1.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra3228_8.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\RA3214_4.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnui3240.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnen3240.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pncrt.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\decdnet.dll
      2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\clrviddc.dll
      2009-03-07 22:53:20 ----D---- C:\Program Files\Real
      2009-03-07 22:53:20 ----A---- C:\WINDOWS\RAUNINST.exe

      ======List of files/folders modified in the last 1 months======

      2009-03-30 23:28:47 ----RD---- C:\Program Files
      2009-03-30 23:28:19 ----D---- C:\WINDOWS
      2009-03-30 23:28:00 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-03-30 23:25:03 ----D---- C:\WINDOWS\system32
      2009-03-30 23:25:01 ----D---- C:\WINDOWS\system32\drivers
      2009-03-30 13:06:42 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-03-30 10:53:09 ----D---- C:\WINDOWS\Temp
      2009-03-30 10:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-03-29 00:43:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
      2009-03-29 00:43:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Adobe
      2009-03-28 15:03:58 ----D---- C:\Dev-Cpp
      2009-03-27 15:29:31 ----AC---- C:\WINDOWS\vbaddin.ini
      2009-03-27 11:46:48 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\HPAppData
      2009-03-24 01:39:22 ----SHD---- C:\WINDOWS\Installer
      2009-03-24 01:39:22 ----HD---- C:\Config.Msi
      2009-03-24 01:39:22 ----D---- C:\WINDOWS\system32\config
      2009-03-24 01:39:19 ----SD---- C:\WINDOWS\Tasks
      2009-03-22 01:16:08 ----D---- C:\WINDOWS\Minidump
      2009-03-22 01:16:08 ----D---- C:\WINDOWS\Debug
      2009-03-22 00:44:38 ----HD---- C:\WINDOWS\inf
      2009-03-20 23:10:08 ----D---- C:\Program Files\Total Video Converter
      2009-03-17 12:43:19 ----SD---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Microsoft
      2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBCINST.INI
      2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBC.INI
      2009-03-17 12:41:40 ----D---- C:\Program Files\Fichiers communs
      2009-03-17 12:41:30 ----AC---- C:\WINDOWS\vb.ini
      2009-03-17 12:41:15 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-03-17 12:41:15 ----D---- C:\WINDOWS\Help
      2009-03-17 12:41:07 ----D---- C:\Program Files\Microsoft Visual Studio
      2009-03-17 12:40:58 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
      2009-03-17 12:40:56 ----D---- C:\Program Files\Fichiers communs\DESIGNER
      2009-03-17 12:40:04 ----D---- C:\WINDOWS\msapps
      2009-03-17 12:39:49 ----D---- C:\WINDOWS\system
      2009-03-07 23:07:27 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Wildfire
      2009-03-07 22:58:39 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
      2009-03-07 22:49:47 ----D---- C:\Program Files\SuperCopier2
      2009-03-04 07:46:27 ----D---- C:\WINDOWS\Prefetch

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
      R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
      R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
      R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
      R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
      R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
      R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
      R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
      R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-11 179664]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
      R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
      S3 aa3hxzhu;aa3hxzhu; C:\WINDOWS\system32\drivers\aa3hxzhu.sys []
      S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
      S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
      S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
      S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
      S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
      S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
      S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
      S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\mc21.tmp []

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
      R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
      R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
      R2 Serveur Sage;Serveur Sage; C:\WINDOWS\system32\CBASE.EXE [2003-12-04 372736]
      R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
      R2 TBW32CONFIGSERVICE;Telbac Configuration Service; C:\Program Files\TELBAC\svctbw.exe [2000-12-12 109568]
      R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-03-24 603904]
      R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
      R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
      R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
      R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
      R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
      S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
      S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
      S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-24 362240]
      S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]

      -----------------EOF-----------------
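The MountPoints2 section of the RSIT log above is the key evidence in this thread: every removable drive that was ever plugged into this machine left a shell\AutoRun\command pointing at a .bat/.cmd/.com script or at a rundll32/wscript launcher chain, and the NoDriveTypeAutoRun value of 145 still leaves AutoRun enabled for removable and fixed drives. The following Python script is an added example, not part of the thread and not code from RSIT or any of the tools mentioned; it parses a constructed excerpt modelled on the log (the final mountpoint key and its D:\setup.exe command are invented as a benign control), flags the suspicious autorun commands, and decodes the NoDriveTypeAutoRun bitmask to show which drive types are still exposed. The heuristics in is_suspicious() are the author's own assumptions, not a published rule set.

```python
import re
from collections import OrderedDict

# Constructed excerpt modelled on the Policies and MountPoints2 sections of the RSIT log;
# the all-zero GUID key and its D:\setup.exe command are invented as a benign control.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e2-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - E:\nby.bat
shell\explore\command - E:\nby.bat
shell\open\command - E:\nby.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23bea595-c9ff-11dc-b6dd-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{506a4886-bc40-11dc-b6bf-0007e9c50d12}]
shell\Auto\command - wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
shell\AutoRun\command - D:\setup.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
COMMAND_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
NODRIVE_RE = re.compile(r'^"NoDriveTypeAutoRun"=(?P<val>\d+)$', re.IGNORECASE)

# Script-type targets that should never be the AutoRun handler of a drive (assumed heuristic).
SCRIPT_EXTS = (".bat", ".cmd", ".com", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".pif", ".scr")

# Bits of NoDriveTypeAutoRun; a set bit DISABLES AutoRun for that drive type.
NODRIVE_BITS = OrderedDict([
    (0x01, "unknown drive type"),
    (0x02, "no root directory"),
    (0x04, "removable (USB/floppy)"),
    (0x08, "fixed disk"),
    (0x10, "network"),
    (0x20, "CD-ROM"),
    (0x40, "RAM disk"),
    (0x80, "unknown (reserved)"),
])


def parse_mountpoints(text):
    """Return (registry key, verb, command) for every shell\\<verb>\\command under mountpoints2."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
            current = key if "mountpoints2" in key.lower() else None
            continue
        if current is None:
            continue
        cmd = COMMAND_RE.match(line)
        if cmd:
            entries.append((current, cmd.group("verb"), cmd.group("cmd")))
    return entries


def is_suspicious(cmd):
    """Heuristic: script files as drive handlers, or rundll32 ShellExec_RunDLL / wscript launcher chains."""
    low = cmd.lower()
    if "shellexec_rundll" in low or "wscript" in low:
        return True
    first_token = low.split()[0].strip('"')
    return first_token.endswith(SCRIPT_EXTS)


def flag_autorun_entries(text):
    """Map each mountpoint key to the sorted list of suspicious commands registered under it."""
    flagged = OrderedDict()
    for key, _verb, cmd in parse_mountpoints(text):
        if is_suspicious(cmd):
            flagged.setdefault(key, set()).add(cmd)
    return OrderedDict((k, sorted(v)) for k, v in flagged.items())


def parse_nodrivetype(text):
    """Extract the NoDriveTypeAutoRun value as RSIT prints it (decimal), or None if absent."""
    for raw in text.splitlines():
        m = NODRIVE_RE.match(raw.strip())
        if m:
            return int(m.group("val"))
    return None


def autorun_still_enabled(value):
    """Drive types on which AutoRun remains enabled for a given NoDriveTypeAutoRun value."""
    return [name for bit, name in NODRIVE_BITS.items() if not value & bit]


if __name__ == "__main__":
    value = parse_nodrivetype(SAMPLE_LOG)
    print(f"NoDriveTypeAutoRun={value}: AutoRun still enabled on {autorun_still_enabled(value)}")
    for key, cmds in flag_autorun_entries(SAMPLE_LOG).items():
        print(key.rsplit("\\", 1)[-1], "->", cmds)
```

On the log above, 145 (0x91) only blocks AutoRun for unknown and network drives; the hardened value is 255 (0xFF), which the function reports as leaving no drive type enabled. The flagged entries (C:\28.bat, E:\nby.bat, the rundll32 chain and the .wsf file) are the artefacts the later Flash_Disinfector step is meant to deal with on the USB side, while the invented D:\setup.exe entry shows that an ordinary installer AutoRun is not flagged.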
  2. Lyonnais92 (Security contributor)

    Good evening,

    we start like this:

    Download Flash_Disinfector by sUBs here:

    https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

    Save it to your Desktop.

    Double-click Flash_Disinfector.exe to launch it.

    When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears, connect the USB keys and external USB devices that may have been infected.

    Then click Ok.

    The icons on the Desktop will disappear until the message "Done!!" appears.

    Press "Ok" to bring the Desktop back.

    =============

    We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    * Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they don't interfere with ComboFix's work.

    Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.