J'ai un probleme similaire Win32:Trojan-gen
CCJUL
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Voilà j'ai lu les réponses mais je ne comprend pas tout!!! Est ce que quelqu'un pourrait m'aider??? Mon ordi est infecté, avast trouve le virus dans le fichier C:\WINDOWS\Temp\wpv931251033318.exe\install.exe mais je ne peux ni supprimer ni mettre en quarantaine.
J'ai lu que parfois certains demandent le rapport hijacsk donc le voilà :
Scan saved at 17:04:04, on 27/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\XCSyncML.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www..google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
Voilà j'ai lu les réponses mais je ne comprend pas tout!!! Est ce que quelqu'un pourrait m'aider??? Mon ordi est infecté, avast trouve le virus dans le fichier C:\WINDOWS\Temp\wpv931251033318.exe\install.exe mais je ne peux ni supprimer ni mettre en quarantaine.
J'ai lu que parfois certains demandent le rapport hijacsk donc le voilà :
Scan saved at 17:04:04, on 27/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\XCSyncML.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www..google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
A voir également:
- J'ai un probleme similaire Win32:Trojan-gen
- Site similaire a coco - Accueil - Réseaux sociaux
- Remplaçant de Coco : quelles solutions pour tchater gratuitement en ligne ? - Accueil - Réseaux sociaux
- Site similaire à coqnu ✓ - Forum Graphisme
- Site similaire zone telechargement - Accueil - Outils
- COCO : où aller ensuite ? ✓ - Forum Réseaux sociaux
3 réponses
slt,
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
:processes
explorer.exe
:files
C:\WINDOWS\Temp\wpv931251033318.exe
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
__________________________________
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
:processes
explorer.exe
:files
C:\WINDOWS\Temp\wpv931251033318.exe
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
__________________________________
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
alors passe super antispyware et colle le rapport et vire tout
https://www.malekal.com/?s=SUPERAntiSpyware
puis colle un rapport RSIT
https://www.malekal.com/?s=SUPERAntiSpyware
puis colle un rapport RSIT
hello,
bon toujours embété,
voilà les deux rapports :
Spyware C:/windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C:/windows/system/ Worm.Bagle.CP This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
et le deuxieme,
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-30 17:11:53
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 MB (0%) free of 10 GB
Total RAM: 1023 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:08, on 30/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\XCSyncML.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Documents and Settings\All Users\Application Data\15137344\15137344.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Documents and Settings\Administrateur\mset.exe
C:\Documents and Settings\Administrateur\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2327GJWX\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [15137344] C:\Documents and Settings\All Users\Application Data\15137344\15137344.exe
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [mset] C:\Documents and Settings\Administrateur\mset.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
bon toujours embété,
voilà les deux rapports :
Spyware C:/windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C:/windows/system/ Worm.Bagle.CP This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
et le deuxieme,
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-30 17:11:53
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 MB (0%) free of 10 GB
Total RAM: 1023 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:08, on 30/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\XCSyncML.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Documents and Settings\All Users\Application Data\15137344\15137344.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Documents and Settings\Administrateur\mset.exe
C:\Documents and Settings\Administrateur\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2327GJWX\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [15137344] C:\Documents and Settings\All Users\Application Data\15137344\15137344.exe
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [mset] C:\Documents and Settings\Administrateur\mset.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Tout d'abord merci beaucoup pour ton aide, car je suis vraiment embété.
J'ai essayé de faire ce que tu m'a dis mais j'ai rencontré plusieurs problème.
1 j'ai instal omt et fait ce que tu m'a dis mais une fois le scan fait et que je clique sur move it l'ordi plante (bureau vide et plus de commande) et je suis oblige de faire reset.
2 avec malware byte je trouve 38 virus ou fichier infecté dont "des tracker pour cb etc..." mais je n'arrive a rien éliminer et à la fin du scan l'odi rame dur....
Donc je ne sais pas trop quoi faire....
Merci encore
CCJUL