Bat.28
avalanch
Hello,
I am infected by a virus called bat.28 and I don't know what to do.
Configuration: Windows Vista Firefox 3.0.7
2 replies
-
Hello,
What is detecting it?
In which file?
==================
Download from here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to your Desktop.
Double-click RSIT.exe to launch RSIT.
Read the Disclaimer screen, then click Continue (if you accept the terms).
If HijackThis (an up-to-date version) is not present or not detected on the computer, RSIT will download it (allow it through your firewall if prompted) and you will have to accept the licence.
When the scan has finished, two text files will open.
Post the contents of log.txt (<< the one that will be displayed).
NB: the reports are saved in the folder C:\rsit
-
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-03-30 23:28:46
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (19%) free of 29 GB
Total RAM: 510 MB (31% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"L07FXLRD_6453218"=C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE [2006-06-13 351000]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"cbvcs"=C:\WINDOWS\system32\urretnd.exe [2009-02-17 106775]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-03-17 203416]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Administrateur.GODSON-90082EB3\Menu Démarrer\Programmes\Démarrage
Raccourci vers LE LAST EN GHANEEN.lnk - C:\Documents and Settings\Administrateur.GODSON-90082EB3\Bureau\mp3 alpha\LE LAST EN GHANEEN.wma
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe:*:Enabled:Windows Application Service"
"C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe:*:Enabled:Windows Application Service"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e2-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - E:\nby.bat
shell\explore\command - E:\nby.bat
shell\open\command - E:\nby.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e3-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - nby.bat
shell\explore\command - nby.bat
shell\open\command - nby.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200f0402-3caf-11dd-b7e3-edde9b83d5ce}]
shell\AutoRun\command - E:\n1deiect.com
shell\explore\command - E:\n1deiect.com
shell\open\command - E:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2028465c-0e7c-11de-b961-84c688c030ce}]
shell\AutoRun\command - E:\28.bat
shell\open\command - E:\28.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23bea595-c9ff-11dc-b6dd-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bceef50-0888-11de-b954-aa7d4836edce}]
shell\AutoRun\command - E:\uvsqfgwd.cmd
shell\open\command - E:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376c3b1a-49ee-11dc-8c3a-0007e9c50d12}]
shell\AutoRun\command - E:\2ifetri.cmd
shell\explore\command - E:\2ifetri.cmd
shell\open\command - E:\2ifetri.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46abf483-5bdf-11dc-b5e2-b5696fcf11c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4954a25d-6693-11dc-b5ee-80e8eb56c6cf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{506a4886-bc40-11dc-b6bf-0007e9c50d12}]
shell\Auto\command - wscript "Sex City.jpg.wsf"
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e15dc6e-f670-11dc-b75b-0007e9c50d12}]
shell\AutoRun\command - E:\n1deiect.com
shell\explore\command - E:\n1deiect.com
shell\open\command - E:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b7735e8-de30-11dd-b90e-8bfded5b28cd}]
shell\AutoRun\command - 28.bat
shell\open\command - 28.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9b995a-33d0-11dc-8bde-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1eee5fa-5aff-11dc-b5dd-a7b370aad0cf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3785462-ceb0-11dc-b6e6-0007e9c50d12}]
shell\AutoRun\command - ntdelect.com
shell\explore\command - E:\utdetect.com
shell\open\command - E:\utdetect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb31cfa9-9079-11dc-b666-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9082913-ebd3-11db-9ca2-806d6172696f}]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat
======File associations======
.js - open -
.txt - open -
======List of files/folders created in the last 1 months======
2009-03-30 23:28:47 ----D---- C:\Program Files\trend micro
2009-03-30 23:28:46 ----D---- C:\rsit
2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-03-24 01:39:20 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-03-24 01:39:16 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\TuneUp Software
2009-03-24 01:38:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2009-03-24 01:38:31 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-03-24 01:38:09 ----SHD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-22 19:54:12 ----RSH---- C:\28.bat
2009-03-22 19:49:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-22 19:36:37 ----D---- C:\Program Files\Conduit
2009-03-22 19:36:35 ----D---- C:\Program Files\free-downloads.net
2009-03-22 19:36:22 ----D---- C:\Program Files\Alcohol Soft
2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Pro
2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools
2009-03-22 19:32:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2009-03-22 01:00:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Lite
2009-03-22 00:48:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-03-22 00:48:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Yahoo!
2009-03-22 00:47:56 ----D---- C:\Program Files\Yahoo!
2009-03-17 14:01:36 ----RSH---- C:\WINDOWS\system32\optyhww1.dll
2009-03-17 12:43:20 ----A---- C:\WINDOWS\mdm.ini
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WPWIZDLL.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WEBPOST.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\POSTWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\PIPARSE.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FTPWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FPWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\CRSWPP.DLL
2009-03-17 12:41:15 ----D---- C:\Program Files\Publication Web
2009-03-17 12:35:40 ----RHD---- C:\~MSSETUP.T
2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\urretnd.exe
2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\optyhww0.dll
2009-03-07 22:55:16 ----D---- C:\My Installations
2009-03-07 22:54:13 ----A---- C:\WINDOWS\system32\hha.dll
2009-03-07 22:53:58 ----D---- C:\Program Files\HTML Help Workshop
2009-03-07 22:53:23 ----A---- C:\WINDOWS\system32\RAOCX32.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\rarv1032.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32sipr.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32rv10.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32dnet.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32clv1.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra3228_8.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\RA3214_4.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnui3240.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnen3240.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\decdnet.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-03-07 22:53:20 ----D---- C:\Program Files\Real
2009-03-07 22:53:20 ----A---- C:\WINDOWS\RAUNINST.exe
======List of files/folders modified in the last 1 months======
2009-03-30 23:28:47 ----RD---- C:\Program Files
2009-03-30 23:28:19 ----D---- C:\WINDOWS
2009-03-30 23:28:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-30 23:25:03 ----D---- C:\WINDOWS\system32
2009-03-30 23:25:01 ----D---- C:\WINDOWS\system32\drivers
2009-03-30 13:06:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 10:53:09 ----D---- C:\WINDOWS\Temp
2009-03-30 10:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-29 00:43:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-03-29 00:43:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Adobe
2009-03-28 15:03:58 ----D---- C:\Dev-Cpp
2009-03-27 15:29:31 ----AC---- C:\WINDOWS\vbaddin.ini
2009-03-27 11:46:48 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\HPAppData
2009-03-24 01:39:22 ----SHD---- C:\WINDOWS\Installer
2009-03-24 01:39:22 ----HD---- C:\Config.Msi
2009-03-24 01:39:22 ----D---- C:\WINDOWS\system32\config
2009-03-24 01:39:19 ----SD---- C:\WINDOWS\Tasks
2009-03-22 01:16:08 ----D---- C:\WINDOWS\Minidump
2009-03-22 01:16:08 ----D---- C:\WINDOWS\Debug
2009-03-22 00:44:38 ----HD---- C:\WINDOWS\inf
2009-03-20 23:10:08 ----D---- C:\Program Files\Total Video Converter
2009-03-17 12:43:19 ----SD---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Microsoft
2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBC.INI
2009-03-17 12:41:40 ----D---- C:\Program Files\Fichiers communs
2009-03-17 12:41:30 ----AC---- C:\WINDOWS\vb.ini
2009-03-17 12:41:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-17 12:41:15 ----D---- C:\WINDOWS\Help
2009-03-17 12:41:07 ----D---- C:\Program Files\Microsoft Visual Studio
2009-03-17 12:40:58 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-17 12:40:56 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-03-17 12:40:04 ----D---- C:\WINDOWS\msapps
2009-03-17 12:39:49 ----D---- C:\WINDOWS\system
2009-03-07 23:07:27 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Wildfire
2009-03-07 22:58:39 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-03-07 22:49:47 ----D---- C:\Program Files\SuperCopier2
2009-03-04 07:46:27 ----D---- C:\WINDOWS\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-11 179664]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 aa3hxzhu;aa3hxzhu; C:\WINDOWS\system32\drivers\aa3hxzhu.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 Serveur Sage;Serveur Sage; C:\WINDOWS\system32\CBASE.EXE [2003-12-04 372736]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TBW32CONFIGSERVICE;Telbac Configuration Service; C:\Program Files\TELBAC\svctbw.exe [2000-12-12 109568]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-03-24 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-24 362240]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
-----------------EOF-----------------
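The useful signal in this log is the MountPoints2 section: AutoRun and open handlers rebound to 28.bat and nby.bat, plus an indirect launch through RunDLL32, while NoDriveTypeAutoRun=145 leaves autorun active for removable media. As an added example (not code from the forum, from RSIT or from any tool named here), this Python triage script parses that dump format, flags such handlers and decodes the policy bitmask; its sample lines are constructed to mirror the dump and the last GUID is invented.

```python
"""Triage for the RSIT "Registry dump" format above (added example; not code
from the forum, RSIT or any tool it names).  Parses MountPoints2 handlers and
NoDriveTypeAutoRun, flags handlers that hand a drive to a script, decodes 145."""
import re
# Constructed sample in the exact line shape of the dump; the last GUID is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e2-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - E:\nby.bat
shell\open\command - E:\nby.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46abf483-5bdf-11dc-b5e2-b5696fcf11c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-1111-2222-3333-444444444444}]
shell\AutoRun\command - E:\setup.exe
"""

MP_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\explorer\\mountpoints2\\([^\]]+)\]$", re.I)
HANDLER = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.I)
POLICY = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$', re.I)
SCRIPT_EXT = re.compile(r"\.(bat|cmd|com|vbs|vbe|wsf|js|jse|pif|scr)\b", re.I)

# NoDriveTypeAutoRun bits: a SET bit disables autorun for that drive type.
DRIVE_BITS = {0x01: "unknown type", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved"}

def parse_dump(text):
    """Return ({mountpoint key: {verb: command}}, NoDriveTypeAutoRun or -1)."""
    mounts, policy, current = {}, -1, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := MP_KEY.match(line):
            current = m.group(1)
            mounts[current] = {}
        elif line.startswith("["):          # any other key closes the block
            current = None
        elif m := POLICY.match(line):
            policy = int(m.group(1))
        elif current is not None and (m := HANDLER.match(line)):
            mounts[current][m.group(1).lower()] = m.group(2)
    return mounts, policy

def flag_handlers(mounts):
    """List (key, verb, command, reason) for handlers worth a closer look."""
    findings = []
    for key, verbs in mounts.items():
        for verb, cmd in verbs.items():
            why = []
            if SCRIPT_EXT.search(cmd):
                why.append("script/batch payload")
            if "shellexec_rundll" in cmd.lower() or "wscript" in cmd.lower():
                why.append("indirect launch via RunDLL32/wscript")
            if verb in ("open", "explore"):      # double-click runs it even with autorun off
                why.append("open/explore verb hijacked")
            if why:
                findings.append((key, verb, cmd, "; ".join(why)))
    return findings

def autorun_blocked_for(value):      # drive types this policy value disables autorun on
    return [name for bit, name in DRIVE_BITS.items() if value & bit]

def removable_autorun_allowed(value):  # bit 0x04 clear => USB sticks still autorun
    return not value & 0x04

if __name__ == "__main__":
    mounts, policy = parse_dump(SAMPLE_LOG)
    for key, verb, cmd, why in flag_handlers(mounts):
        print(f"[{key}] {verb:8}{cmd}\n    -> {why}")
    print(f"NoDriveTypeAutoRun={policy} (0x{policy:X}) blocks: {', '.join(autorun_blocked_for(policy))}; removable autorun still allowed: {removable_autorun_allowed(policy)}")
```

Run against the real log.txt the same way (read the file instead of SAMPLE_LOG); the setup.exe entry is left unflagged on purpose, showing the heuristic separates an ordinary installer autorun from a script handler.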
-
Good evening,
we start like this:
Download Flash_Disinfector by sUBs from here:
https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Save it to your Desktop.
Double-click Flash_Disinfector.exe to launch it.
When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears, connect the USB keys and external USB devices that may have been infected.
Then click Ok.
The Desktop icons will disappear until the message "Done!!" appears.
Press "Ok" to bring the Desktop back.
=============
We are going to use ComboFix.exe. Go to this web page to get the download links and the instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* Make sure you have closed/disabled every anti-virus, anti-malware or anti-spyware program so that they do not interfere with ComboFix's work.
Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.