Bat.28

avalanch (Member)
Lyonnais92 (Security contributor)
Hello,
I am infected by a virus called bat.28 and I don't know what to do.
2 replies

Lyonnais92 (Security contributor)

Hello,

What is detecting it?

In which file?

==================
Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to your Desktop.

Double-click RSIT.exe to launch RSIT.

Read the content of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the license.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed).

NB: the reports are saved in the folder C:\rsit
avalanch (Member)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-03-30 23:28:46
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (19%) free of 29 GB
Total RAM: 510 MB (31% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"L07FXLRD_6453218"=C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE [2006-06-13 351000]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"cbvcs"=C:\WINDOWS\system32\urretnd.exe [2009-02-17 106775]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-03-17 203416]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrateur.GODSON-90082EB3\Menu Démarrer\Programmes\Démarrage
Raccourci vers LE LAST EN GHANEEN.lnk - C:\Documents and Settings\Administrateur.GODSON-90082EB3\Bureau\mp3 alpha\LE LAST EN GHANEEN.wma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP000.TMP\start.exe:*:Enabled:Windows Application Service"
"C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe"="C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\IXP001.TMP\start.exe:*:Enabled:Windows Application Service"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e2-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - E:\nby.bat
shell\explore\command - E:\nby.bat
shell\open\command - E:\nby.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e3-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - nby.bat
shell\explore\command - nby.bat
shell\open\command - nby.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200f0402-3caf-11dd-b7e3-edde9b83d5ce}]
shell\AutoRun\command - E:\n1deiect.com
shell\explore\command - E:\n1deiect.com
shell\open\command - E:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2028465c-0e7c-11de-b961-84c688c030ce}]
shell\AutoRun\command - E:\28.bat
shell\open\command - E:\28.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23bea595-c9ff-11dc-b6dd-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bceef50-0888-11de-b954-aa7d4836edce}]
shell\AutoRun\command - E:\uvsqfgwd.cmd
shell\open\command - E:\uvsqfgwd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376c3b1a-49ee-11dc-8c3a-0007e9c50d12}]
shell\AutoRun\command - E:\2ifetri.cmd
shell\explore\command - E:\2ifetri.cmd
shell\open\command - E:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46abf483-5bdf-11dc-b5e2-b5696fcf11c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4954a25d-6693-11dc-b5ee-80e8eb56c6cf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{506a4886-bc40-11dc-b6bf-0007e9c50d12}]
shell\Auto\command - wscript "Sex City.jpg.wsf"
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e15dc6e-f670-11dc-b75b-0007e9c50d12}]
shell\AutoRun\command - E:\n1deiect.com
shell\explore\command - E:\n1deiect.com
shell\open\command - E:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b7735e8-de30-11dd-b90e-8bfded5b28cd}]
shell\AutoRun\command - 28.bat
shell\open\command - 28.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a9b995a-33d0-11dc-8bde-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1eee5fa-5aff-11dc-b5dd-a7b370aad0cf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3785462-ceb0-11dc-b6e6-0007e9c50d12}]
shell\AutoRun\command - ntdelect.com
shell\explore\command - E:\utdetect.com
shell\open\command - E:\utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb31cfa9-9079-11dc-b666-0007e9c50d12}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9082913-ebd3-11db-9ca2-806d6172696f}]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat


======File associations======

.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-03-30 23:28:47 ----D---- C:\Program Files\trend micro
2009-03-30 23:28:46 ----D---- C:\rsit
2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-03-24 01:39:21 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-03-24 01:39:20 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-03-24 01:39:16 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\TuneUp Software
2009-03-24 01:38:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2009-03-24 01:38:31 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-03-24 01:38:09 ----SHD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-22 19:54:12 ----RSH---- C:\28.bat
2009-03-22 19:49:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-22 19:36:37 ----D---- C:\Program Files\Conduit
2009-03-22 19:36:35 ----D---- C:\Program Files\free-downloads.net
2009-03-22 19:36:22 ----D---- C:\Program Files\Alcohol Soft
2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Pro
2009-03-22 19:33:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools
2009-03-22 19:32:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2009-03-22 01:00:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\DAEMON Tools Lite
2009-03-22 00:48:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-03-22 00:48:01 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Yahoo!
2009-03-22 00:47:56 ----D---- C:\Program Files\Yahoo!
2009-03-17 14:01:36 ----RSH---- C:\WINDOWS\system32\optyhww1.dll
2009-03-17 12:43:20 ----A---- C:\WINDOWS\mdm.ini
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WPWIZDLL.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\WEBPOST.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\POSTWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\PIPARSE.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FTPWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\FPWPP.DLL
2009-03-17 12:41:15 ----RA---- C:\WINDOWS\system32\CRSWPP.DLL
2009-03-17 12:41:15 ----D---- C:\Program Files\Publication Web
2009-03-17 12:35:40 ----RHD---- C:\~MSSETUP.T
2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\urretnd.exe
2009-03-11 21:39:56 ----RSH---- C:\WINDOWS\system32\optyhww0.dll
2009-03-07 22:55:16 ----D---- C:\My Installations
2009-03-07 22:54:13 ----A---- C:\WINDOWS\system32\hha.dll
2009-03-07 22:53:58 ----D---- C:\Program Files\HTML Help Workshop
2009-03-07 22:53:23 ----A---- C:\WINDOWS\system32\RAOCX32.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\rarv1032.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32sipr.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32rv10.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32dnet.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra32clv1.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\ra3228_8.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\RA3214_4.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnui3240.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pnen3240.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\decdnet.dll
2009-03-07 22:53:21 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-03-07 22:53:20 ----D---- C:\Program Files\Real
2009-03-07 22:53:20 ----A---- C:\WINDOWS\RAUNINST.exe

======List of files/folders modified in the last 1 months======

2009-03-30 23:28:47 ----RD---- C:\Program Files
2009-03-30 23:28:19 ----D---- C:\WINDOWS
2009-03-30 23:28:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-30 23:25:03 ----D---- C:\WINDOWS\system32
2009-03-30 23:25:01 ----D---- C:\WINDOWS\system32\drivers
2009-03-30 13:06:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 10:53:09 ----D---- C:\WINDOWS\Temp
2009-03-30 10:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-29 00:43:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-03-29 00:43:36 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Adobe
2009-03-28 15:03:58 ----D---- C:\Dev-Cpp
2009-03-27 15:29:31 ----AC---- C:\WINDOWS\vbaddin.ini
2009-03-27 11:46:48 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\HPAppData
2009-03-24 01:39:22 ----SHD---- C:\WINDOWS\Installer
2009-03-24 01:39:22 ----HD---- C:\Config.Msi
2009-03-24 01:39:22 ----D---- C:\WINDOWS\system32\config
2009-03-24 01:39:19 ----SD---- C:\WINDOWS\Tasks
2009-03-22 01:16:08 ----D---- C:\WINDOWS\Minidump
2009-03-22 01:16:08 ----D---- C:\WINDOWS\Debug
2009-03-22 00:44:38 ----HD---- C:\WINDOWS\inf
2009-03-20 23:10:08 ----D---- C:\Program Files\Total Video Converter
2009-03-17 12:43:19 ----SD---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Microsoft
2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-03-17 12:42:41 ----AC---- C:\WINDOWS\ODBC.INI
2009-03-17 12:41:40 ----D---- C:\Program Files\Fichiers communs
2009-03-17 12:41:30 ----AC---- C:\WINDOWS\vb.ini
2009-03-17 12:41:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-17 12:41:15 ----D---- C:\WINDOWS\Help
2009-03-17 12:41:07 ----D---- C:\Program Files\Microsoft Visual Studio
2009-03-17 12:40:58 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-17 12:40:56 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-03-17 12:40:04 ----D---- C:\WINDOWS\msapps
2009-03-17 12:39:49 ----D---- C:\WINDOWS\system
2009-03-07 23:07:27 ----D---- C:\Documents and Settings\Administrateur.GODSON-90082EB3\Application Data\Wildfire
2009-03-07 22:58:39 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-03-07 22:49:47 ----D---- C:\Program Files\SuperCopier2
2009-03-04 07:46:27 ----D---- C:\WINDOWS\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-11 179664]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 aa3hxzhu;aa3hxzhu; C:\WINDOWS\system32\drivers\aa3hxzhu.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~2.GOD\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 Serveur Sage;Serveur Sage; C:\WINDOWS\system32\CBASE.EXE [2003-12-04 372736]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TBW32CONFIGSERVICE;Telbac Configuration Service; C:\Program Files\TELBAC\svctbw.exe [2000-12-12 109568]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-03-24 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-24 362240]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]

-----------------EOF-----------------
Lyonnais92 (Security contributor)

Good evening,

we start like this:

Download Flash_Disinfector by sUBs here:

https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Save it to your Desktop.

Double-click Flash_Disinfector.exe to launch it.

When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears, connect the USB sticks and external USB devices that may have been infected.

Then click Ok.

The icons on the Desktop will disappear until the message "Done!!" appears.

Press "Ok" to make the Desktop reappear.

=============

We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.
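As an added example that is not part of the thread, of RSIT or of Flash_Disinfector: a Python script that pulls the MountPoints2 autorun handlers out of an RSIT-style log like the one posted above and groups the script-like ones by payload, which is exactly the USB-autorun residue the Flash_Disinfector step is meant to clean. The sample input is constructed from entries in the posted log plus one made-up benign CD handler; the regexes and the list of script extensions are my own assumptions, not RSIT's.

```python
"""Added example (not RSIT's or the thread's own code): flag removable-drive
autorun handlers in the MountPoints2 section of an RSIT-style registry dump."""
import re
from collections import defaultdict

# Constructed sample in the RSIT "Registry dump" layout: three keys copied from
# the log above plus a made-up ordinary CD autorun handler that must not be flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\28.bat
shell\open\command - C:\28.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105ef3e3-5fd6-11dd-b834-84276ed1a8ce}]
shell\AutoRun\command - nby.bat
shell\explore\command - nby.bat
shell\open\command - nby.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4954a25d-6693-11dc-b5ee-80e8eb56c6cf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
shell\AutoRun\command - D:\setup.exe /autorun
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$", re.I)
COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+?)\s*$", re.I)
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".wsf", ".js", ".pif", ".com", ".scr")

def parse_mountpoints(log_text):
    """Yield (mountpoint, verb, command) for each MountPoints2 shell command."""
    mountpoint = None
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:  # new registry key: keep going only inside MountPoints2 subkeys
            key = sec.group(1)
            pos = key.lower().find("mountpoints2\\")
            mountpoint = key[pos + len("mountpoints2\\"):] if pos >= 0 else None
            continue
        cmd = COMMAND_RE.match(line) if mountpoint else None
        if cmd:
            yield mountpoint, cmd.group(1).lower(), cmd.group(2)

def classify(command):
    """Return (payload file name, reasons); an empty reasons list means benign."""
    reasons, low = [], command.lower()
    if "shellexec_rundll" in low:
        reasons.append("indirect launch via rundll32 ShellExec_RunDLL")
    # Payload = last script-like token ('wscript.exe willpolo.vbs' is judged by the .vbs), else the program itself.
    tokens = low.replace('"', "").split()
    target = next((t for t in reversed(tokens) if t.endswith(SCRIPT_EXTS)), tokens[0])
    if target.endswith(SCRIPT_EXTS):
        reasons.append("script-like autorun target")
        if "\\" not in target:
            reasons.append("bare relative name, resolved on the mounted drive")
        elif re.match(r"^[a-z]:\\[^\\]+$", target):
            reasons.append("payload on the drive root")
    return target.rsplit("\\", 1)[-1], reasons

def scan(log_text):
    """Group suspicious entries by payload name so one dropper under many drive GUIDs is one finding."""
    findings = defaultdict(lambda: {"mountpoints": set(), "verbs": set(), "reasons": set()})
    for mountpoint, verb, command in parse_mountpoints(log_text):
        payload, reasons = classify(command)
        if reasons:
            findings[payload]["mountpoints"].add(mountpoint)
            findings[payload]["verbs"].add(verb)
            findings[payload]["reasons"].update(reasons)
    return dict(findings)

if __name__ == "__main__":
    for payload, info in sorted(scan(SAMPLE_LOG).items()):
        print(payload, sorted(info["mountpoints"]), "; ".join(sorted(info["reasons"])))
```

Run against a full RSIT log.txt, `scan()` lists every payload name, the drive GUIDs it is registered under and why it was flagged, while ordinary CD/DVD `setup.exe` handlers are left out.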