Pc infecté (avast n'est pas appli win32 valid

rastarocketer -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
merci à ceux qui prendront un peu de temps à me lire....
Alors voila j'ai du infecter ma machine avec un DL car avast ne s'ouvre plus et me dit : n'est pas une appli Win32 valide
de plus les logiciels Flash8 et dreamweaver ne s'ouvrent plus
et aussi les liens recus par mails ouvrent le navigateur mais n'affiche rien...
En fait j'ai telechargé un logiciel pour faire des fonds d'ecran mais celui ci a travaillé en fond et plus rien...
J'ai suivi les conseils lus sur le net et j'ai installé ComboFix
Voici le rapport...Si quelqu'un peut m'aider
Un grand merci/avance

ComboFix 08-11-14.01 - m 2008-11-16 13:28:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1733 [GMT 1:00]
Commutateurs utilisés :: c:\documents and settings\m\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\m\Application Data\addon.dat
c:\documents and settings\m\Application Data\m
c:\documents and settings\m\Application Data\m\flec006.exe
c:\documents and settings\m\Application Data\m\shared\2003 FasterInternet PRO 1.0.zip
c:\documents and settings\m\Application Data\m\shared\3DM_Export_for_Solid_Edge_1.0.zip
c:\documents and settings\m\Application Data\m\shared\8BallClub_Online_Billiards_1.zip
c:\documents and settings\m\Application Data\m\shared\A-one_DVD_to_3GP_Ripper_6.40.zip
c:\documents and settings\m\Application Data\m\shared\A.M.L. - Full Edition
c:\documents and settings\m\Application Data\m\shared\Acala_DVD_to_Pocket_PC_Movie_2.4.2.zip
c:\documents and settings\m\Application Data\m\shared\Advanced_RSS_Mixer_Professional_3.1.58.zip
c:\documents and settings\m\Application Data\m\shared\Amic_Video_Converter_2.0_Cracked.zip
c:\documents and settings\m\Application Data\m\shared\Another IE Popup Killer 2.00.zip
c:\documents and settings\m\Application Data\m\shared\Art of Sargent Screensaver.zip
c:\documents and settings\m\Application Data\m\shared\Audio_File_Converter_1.0.zip
c:\documents and settings\m\Application Data\m\shared\AVIFrate_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Balloon_Browser_0.4.2.zip
c:\documents and settings\m\Application Data\m\shared\Battlefield_Vietnam_Dawn_of_Fate_Map_Pack.zip
c:\documents and settings\m\Application Data\m\shared\BazaarBuilder 4.0.zip
c:\documents and settings\m\Application Data\m\shared\Better_Gmail_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Binary_File_Splitter_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Brilliant Database Professional 7.1.zip
c:\documents and settings\m\Application Data\m\shared\Build-in_RSS_Client_1.0.2.294_[Serial].zip
c:\documents and settings\m\Application Data\m\shared\Ccy_Wallpaper_Changer_Pro_2.2.2_[With_Crack].zip
c:\documents and settings\m\Application Data\m\shared\Chameleon_Calendar_1.0_[Key].zip
c:\documents and settings\m\Application Data\m\shared\Check_Favorites_1.7_[Key+Serial].zip
c:\documents and settings\m\Application Data\m\shared\Chord_Alchemy_3.3.zip
c:\documents and settings\m\Application Data\m\shared\Clock XP 2003 20.3.zip
c:\documents and settings\m\Application Data\m\shared\CoderForm_3.0.zip
c:\documents and settings\m\Application Data\m\shared\CompactCharge 2.0.zip
c:\documents and settings\m\Application Data\m\shared\CoolWWWSearch SmartKiller MiniRemoval 1.0.zip
c:\documents and settings\m\Application Data\m\shared\DAD'S RECIPE 1.5.zip
c:\documents and settings\m\Application Data\m\shared\Data Protection Software 1.46 (Serial).zip
c:\documents and settings\m\Application Data\m\shared\Displaying
c:\documents and settings\m\Application Data\m\shared\Distribute_Virtual_Disk_Enterprise_1.4_Crack.zip
c:\documents and settings\m\Application Data\m\shared\Emailarchitect Email Server 7.5.zip
c:\documents and settings\m\Application Data\m\shared\EMS_SQL_Manager_2005_for_InterBase_and_Firebird_4.3.zip
c:\documents and settings\m\Application Data\m\shared\Equalizer Recorder 1.0.zip
c:\documents and settings\m\Application Data\m\shared\ESC_LoanCalc_1.2.zip
c:\documents and settings\m\Application Data\m\shared\Exit_Button_Thunderbird_0.5.zip
c:\documents and settings\m\Application Data\m\shared\Export Query to XML for SQL server 1.04.00.zip
c:\documents and settings\m\Application Data\m\shared\ExpressMirror 3.6.1.zip
c:\documents and settings\m\Application Data\m\shared\Fresh_Killed_Beats_1.2.zip
c:\documents and settings\m\Application Data\m\shared\Gathering_Clouds_Screen_Saver_2.0.zip
c:\documents and settings\m\Application Data\m\shared\Ghost MP3 CD Maker 2.0 (KeyGen).zip
c:\documents and settings\m\Application Data\m\shared\Happy Birthday Screensaver.zip
c:\documents and settings\m\Application Data\m\shared\High Visibility Animated Cursors 2.0c.zip
c:\documents and settings\m\Application Data\m\shared\HomeKey 96.5.zip
c:\documents and settings\m\Application Data\m\shared\HR_Control_Centre_5.0.zip
c:\documents and settings\m\Application Data\m\shared\IBFirstAID_Diagnostician_1.9.zip
c:\documents and settings\m\Application Data\m\shared\iControl 1.2.1.zip
c:\documents and settings\m\Application Data\m\shared\ICQ Message Sender 2.1.zip
c:\documents and settings\m\Application Data\m\shared\Infiltration_Recovery_Tool_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Jamail_3.0.1.65.zip
c:\documents and settings\m\Application Data\m\shared\Jupsat screensaver 1.0.zip
c:\documents and settings\m\Application Data\m\shared\Kaspersky.Personal.Security.Suite.+.antispam.+.antihacker.+.keys.2007.zip
c:\documents and settings\m\Application Data\m\shared\Keyhole Spy 1.12.zip
c:\documents and settings\m\Application Data\m\shared\LinearMath (Nokia Series 40) 1.zip
c:\documents and settings\m\Application Data\m\shared\LingvoSoft_Dictionary_2007_English_-_Azerbaijani_4.0.22.zip
c:\documents and settings\m\Application Data\m\shared\localTrezor 1.0.8.zip
c:\documents and settings\m\Application Data\m\shared\Lottoree 6.zip
c:\documents and settings\m\Application Data\m\shared\MB_Free_Birth_Star_1.0.zip
c:\documents and settings\m\Application Data\m\shared\MDK_demo_3.0.zip
c:\documents and settings\m\Application Data\m\shared\MemDB_Barcode_Maker_1.0_(Key+Serial).zip
c:\documents and settings\m\Application Data\m\shared\Mini-Bizz Invoicer 3.0a.zip
c:\documents and settings\m\Application Data\m\shared\MobiRise 3GP Converter 1.10.zip
c:\documents and settings\m\Application Data\m\shared\MP3_EasySplitter_2.14_[Patch].zip
c:\documents and settings\m\Application Data\m\shared\MP3_Recorder_XP_1.9.zip
c:\documents and settings\m\Application Data\m\shared\Network_Drive_Manager_2.4.0.zip
c:\documents and settings\m\Application Data\m\shared\No_Hawkers_-_AntiSpam_1.0.0.2a.zip
c:\documents and settings\m\Application Data\m\shared\NTFS Recovery Wizard 1.7.1.0.zip
c:\documents and settings\m\Application Data\m\shared\NTFSRatio 1.3.0.0.zip
c:\documents and settings\m\Application Data\m\shared\OSDeploy_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\Page2CHM 2.7a.zip
c:\documents and settings\m\Application Data\m\shared\Paint-By-Grids_3.0.2406.zip
c:\documents and settings\m\Application Data\m\shared\Panda.Titanium.Antivirus.Plus.Antispyware.20065.02.01.Multilanguage.3.WinALL.RETAIL-ARN.zip
c:\documents and settings\m\Application Data\m\shared\Panda_Screensaver_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Panzer_Dragoon_demo.zip
c:\documents and settings\m\Application Data\m\shared\PCS_Backup_Agent_1.0.001.zip
c:\documents and settings\m\Application Data\m\shared\Personal_Antispy_1.3.zip
c:\documents and settings\m\Application Data\m\shared\PhoneB_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\PixGPS_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\Pop-Up_Stopper_Professional_1.80.1.zip
c:\documents and settings\m\Application Data\m\shared\PowerPPT2Swf_2.0.0.5_Serial.zip
c:\documents and settings\m\Application Data\m\shared\Privoxy_3.0.5.zip
c:\documents and settings\m\Application Data\m\shared\PsMan 1.0.0.2.zip
c:\documents and settings\m\Application Data\m\shared\QuickFormz_1.0.5.zip
c:\documents and settings\m\Application Data\m\shared\QuickWrite S60 (English - French) 2.2.zip
c:\documents and settings\m\Application Data\m\shared\Reach-a-Mail 2.83.zip
c:\documents and settings\m\Application Data\m\shared\Remedy.FM 2.0.zip
c:\documents and settings\m\Application Data\m\shared\RHPortal 1.0.zip
c:\documents and settings\m\Application Data\m\shared\RocketMouse 99 4.52.zip
c:\documents and settings\m\Application Data\m\shared\SantaClaus_Hat_Icons.zip
c:\documents and settings\m\Application Data\m\shared\Savings_Calculator_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Secret_Caretaker_1.0.1032.27992.zip
c:\documents and settings\m\Application Data\m\shared\SendLater 2.04.0636.zip
c:\documents and settings\m\Application Data\m\shared\ShixxNOTE_Lite_5.home.zip
c:\documents and settings\m\Application Data\m\shared\SimSpeech 1.0.zip
c:\documents and settings\m\Application Data\m\shared\SMS PC text to Mobile 1.01.zip
c:\documents and settings\m\Application Data\m\shared\SoftCare_Overset_Manager_CS2_4.0.zip
c:\documents and settings\m\Application Data\m\shared\Space News 1.0.0.0.zip
c:\documents and settings\m\Application Data\m\shared\SpeedTrace Pro 2.00.zip
c:\documents and settings\m\Application Data\m\shared\St. Croix Live Harbor Cam 1.25.zip
c:\documents and settings\m\Application Data\m\shared\STLport 5.1.4.zip
c:\documents and settings\m\Application Data\m\shared\Sunbelt_Network_Security_Inspector_1.6.57.zip
c:\documents and settings\m\Application Data\m\shared\Sunflowers Screensaver1 1.0.zip
c:\documents and settings\m\Application Data\m\shared\Surf Safe Pilot 1.11.zip
c:\documents and settings\m\Application Data\m\shared\Synapse_1.0.zip
c:\documents and settings\m\Application Data\m\shared\SyncFolders_1.3.zip
c:\documents and settings\m\Application Data\m\shared\TAPI_Modem_ActiveX_1.0_(Crack).zip
c:\documents and settings\m\Application Data\m\shared\Terminal_Server_Console_TSCon_2.7_[Key+Serial].zip
c:\documents and settings\m\Application Data\m\shared\The Space Heater 1.0.zip
c:\documents and settings\m\Application Data\m\shared\The_Complete_Genealogy_Reporter_2008_Build_70808_(Serial).zip
c:\documents and settings\m\Application Data\m\shared\Timesheet Constructor 4.2.zip
c:\documents and settings\m\Application Data\m\shared\TimeWatch1_2.01.zip
c:\documents and settings\m\Application Data\m\shared\Tiny_Dialer_1.2_[Cracked].zip
c:\documents and settings\m\Application Data\m\shared\Tropical_Birds_ScreenSaver_1.0_KeyGen.zip
c:\documents and settings\m\Application Data\m\shared\Unreal Tournament 2003- Dark-Room map.zip
c:\documents and settings\m\Application Data\m\shared\vCard_Wizard_2.21.0080.zip
c:\documents and settings\m\Application Data\m\shared\Video_Randomizer_1.0_KeyGen.zip
c:\documents and settings\m\Application Data\m\shared\View_Source_Choice_0.3.1.zip
c:\documents and settings\m\Application Data\m\shared\VIP Task Manager Standard Edition 3.5.1 Build 523.zip
c:\documents and settings\m\Application Data\m\shared\VSPopUp_1.1.zip
c:\documents and settings\m\Application Data\m\shared\Wallperizer_1.2.1.zip
c:\documents and settings\m\Application Data\m\shared\Warcraft III - Frogger map.zip
c:\documents and settings\m\Application Data\m\shared\Web Security Guard 4.5.0.70.zip
c:\documents and settings\m\Application Data\m\shared\Windows MultiEnhancer 8.7.zip
c:\documents and settings\m\Application Data\m\shared\Windows_Mess_Cleaner_1.00.zip
c:\documents and settings\m\Application Data\m\shared\WinFuture xp-Iso-Builder 3.0.5.zip
c:\documents and settings\m\Application Data\m\shared\WPCREDIT_1.4.zip
c:\documents and settings\m\Application Data\m\shared\XJS for Windows 1.4.zip
c:\documents and settings\m\Application Data\m\shared\Zoekbank Toolbar 1.1.zip
C:\InfoSat.txt
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\103406.exe
c:\windows\system32\drivers\downld\105468.exe
c:\windows\system32\drivers\downld\110890.exe
c:\windows\system32\drivers\downld\118609.exe
c:\windows\system32\drivers\downld\123750.exe
c:\windows\system32\drivers\downld\128062.exe
c:\windows\system32\drivers\downld\138468.exe
c:\windows\system32\drivers\downld\227968.exe
c:\windows\system32\drivers\downld\230218.exe
c:\windows\system32\drivers\downld\249859.exe
c:\windows\system32\drivers\downld\251406.exe
c:\windows\system32\drivers\downld\261078.exe
c:\windows\system32\drivers\downld\267203.exe
c:\windows\system32\drivers\downld\272062.exe
c:\windows\system32\drivers\downld\278265.exe
c:\windows\system32\drivers\downld\282187.exe
c:\windows\system32\drivers\downld\296750.exe
c:\windows\system32\drivers\downld\300281.exe
c:\windows\system32\drivers\downld\307796.exe
c:\windows\system32\drivers\downld\307953.exe
c:\windows\system32\drivers\downld\311265.exe
c:\windows\system32\drivers\downld\312406.exe
c:\windows\system32\drivers\downld\327265.exe
c:\windows\system32\drivers\downld\353265.exe
c:\windows\system32\drivers\downld\358109.exe
c:\windows\system32\drivers\downld\373281.exe
c:\windows\system32\drivers\downld\383125.exe
c:\windows\system32\drivers\downld\390687.exe
c:\windows\system32\drivers\downld\447468.exe
c:\windows\system32\drivers\downld\455843.exe
c:\windows\system32\drivers\downld\469093.exe
c:\windows\system32\drivers\downld\539468.exe
c:\windows\system32\drivers\downld\561875.exe
c:\windows\system32\drivers\downld\72250.exe
c:\windows\system32\drivers\downld\74312.exe
c:\windows\system32\drivers\downld\87671.exe
c:\windows\system32\drivers\downld\93250.exe
c:\windows\system32\drivers\downld\97743734.exe
c:\windows\system32\drivers\downld\97745343.exe
c:\windows\system32\drivers\downld\97758187.exe
c:\windows\system32\drivers\downld\97762890.exe
c:\windows\system32\drivers\downld\97769515.exe
c:\windows\system32\drivers\downld\97778421.exe
c:\windows\system32\drivers\downld\97787843.exe
c:\windows\system32\drivers\downld\99140.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\MSINET.oca
c:\windows\system32\tmp84.tmp
c:\windows\system32\tmp85.tmp
c:\windows\system32\wintems.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://designer.extrafilm.fr
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.

2008-11-16 12:53 . 2008-11-16 12:54 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 12:53 . 2008-11-16 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 07:53 . 2008-11-16 12:25 7,168 --a------ c:\windows\system32\drivers\srosa2.sys
2008-11-13 13:41 . 2008-11-16 11:41 <REP> d-------- c:\program files\Amara - Flash Slide Show Builder
2008-11-13 13:40 . 2008-11-13 19:04 <REP> d-------- c:\program files\Amara - Flash News Ticker
2008-11-13 13:39 . 2008-11-13 19:11 <REP> d-------- c:\program files\Amara - Flash Intro and Banner Builder
2008-11-13 13:28 . 2008-11-13 19:25 <REP> d-------- c:\program files\Amara - Flash Photo Animation Software
2008-11-13 13:26 . 2008-11-16 08:38 <REP> d-------- c:\program files\Amara - Flash Menu Builder
2008-11-12 18:30 . 2008-11-12 18:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Anvsoft
2008-11-12 18:29 . 2008-11-12 18:29 <REP> d-------- c:\program files\Common Files
2008-11-11 11:28 . 2008-11-11 11:28 <REP> d-------- c:\program files\Eltima Software
2008-11-11 04:14 . 2008-11-15 15:40 <REP> d-------- c:\documents and settings\m\Application Data\gtk-2.0
2008-11-10 17:00 . 2008-11-10 17:00 <REP> d-------- c:\program files\SourceTec
2008-11-10 11:13 . 2008-11-11 11:28 125 --a------ c:\windows\fd3.INI
2008-11-10 08:03 . 2008-11-16 11:47 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2008-11-09 18:06 . 2008-11-09 18:06 <REP> d-------- c:\documents and settings\m\Application Data\3DFA
2008-11-09 08:42 . 2008-11-09 08:45 <REP> d-------- c:\program files\Save Flash
2008-11-02 17:07 . 2008-11-11 11:28 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-02 17:07 . 2008-11-02 17:14 67 --a------ c:\windows\iltwain.ini
2008-11-01 15:12 . 2008-11-01 15:12 <REP> d-------- c:\windows\Logs
2008-11-01 12:08 . 2008-11-01 12:09 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-01 12:08 . 2008-11-01 12:08 45 ---h----- c:\windows\dsys8990.dat
2008-11-01 12:04 . 2008-11-01 12:04 <REP> d-------- c:\documents and settings\m\.thumbnails
2008-11-01 12:03 . 2008-11-15 15:40 <REP> d-------- c:\documents and settings\m\.gimp-2.6
2008-11-01 12:03 . 2008-11-01 12:03 <REP> d-------- c:\documents and settings\m\.gegl-0.0
2008-11-01 12:02 . 2008-11-01 12:02 <REP> d-------- c:\program files\Gimp-2.0
2008-10-31 17:40 . 2008-11-01 16:15 109 --a------ c:\windows\disney.ini
2008-10-28 19:10 . 2008-10-28 19:10 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-28 19:10 . 2008-10-28 19:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-10-28 19:09 . 2008-10-28 19:09 54,784 --a------ c:\windows\system32\drivers\CDAC11BA.EXE
2008-10-28 19:09 . 2008-10-28 19:09 12,464 --a------ c:\windows\system32\drivers\CdaC15BA.SYS
2008-10-28 18:08 . 2008-10-28 18:08 <REP> d-------- c:\documents and settings\m\Application Data\ExtraFilm
2008-10-28 18:07 . 2008-10-28 18:10 <REP> d-------- c:\program files\Extrafilm Designer FR
2008-10-28 18:07 . 2008-10-28 18:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ExtraFilm
2008-10-28 18:07 . 2008-10-28 18:07 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-10-17 17:18 . 2008-10-17 17:18 <REP> d-------- c:\windows\system32\xlive

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 08:55 --------- d-----w c:\program files\PowerArchiver
2008-11-16 08:33 --------- d-----w c:\program files\eMule
2008-11-12 17:40 --------- d-----w c:\program files\WinFax eXPert
2008-11-12 17:40 --------- d-----w c:\program files\Media Player Classic
2008-11-12 17:40 --------- d-----w c:\program files\LiveUpdate
2008-11-12 17:40 --------- d-----w c:\program files\DMV2007
2008-11-12 17:40 --------- d-----w c:\program files\DivX
2008-11-10 15:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 05:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-09 13:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-08 07:25 --------- d-----w c:\program files\MSN Messenger
2008-11-08 07:25 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-01 16:29 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 16:29 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-01 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-01 15:43 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-01 15:43 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-19 14:20 --------- d-----w c:\documents and settings\m\Application Data\Faces
2008-10-08 16:22 --------- d-----w c:\program files\Star Defender 3
2008-10-04 18:39 --------- d-----w c:\documents and settings\m\Application Data\DivX
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-06-21 14:47 24,192 ----a-w c:\documents and settings\m\usbsermptxp.sys
2008-06-21 14:47 22,768 ----a-w c:\documents and settings\m\usbsermpt.sys
2008-06-14 13:55 92,064 ----a-w c:\documents and settings\m\mqdmmdm.sys
2008-06-14 13:55 9,232 ----a-w c:\documents and settings\m\mqdmmdfl.sys
2008-06-14 13:55 79,328 ----a-w c:\documents and settings\m\mqdmserd.sys
2008-06-14 13:55 66,656 ----a-w c:\documents and settings\m\mqdmbus.sys
2008-06-14 13:55 6,208 ----a-w c:\documents and settings\m\mqdmcmnt.sys
2008-06-14 13:55 5,936 ----a-w c:\documents and settings\m\mqdmwhnt.sys
2008-06-14 13:55 4,048 ----a-w c:\documents and settings\m\mqdmcr.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-02-09 6051144]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-08-25 1871872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-11-16 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-16 81000]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-25 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"Uninstall0001"="c:\program files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" [2008-03-23 57344]
"Uninstall0002"="c:\program files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" [2008-03-24 57344]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
E-Color.lnk - c:\program files\E-Color\Common\IconMgr.exe [2007-04-01 61440]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-15 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.vp31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^m^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\m\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WinFax eXPert\\WinFax.exe"=
"c:\\Program Files\\WinFax eXPert\\BvrpKrnl.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64432:TCP"= 64432:TCP:eMuleTCP
"44362:UDP"= 44362:UDP:eMuleUDP
"135:TCP"= 135:TCP:Port DCOM (135)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys [2008-11-16 7168]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 BvrpKrnl;BvrpKrnl;c:\program files\WinFax eXPert\BVRPKrnl.exe [2008-04-09 548864]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-06-22 42112]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-06-08 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-06-08 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-06-08 109704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe
\Shell\setup\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25474cd2-36f2-11dc-8334-001617925579}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{265a5727-cf08-11db-82a4-001617925579}]
\Shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c9d883c-ec37-11db-82db-001617925579}]
\Shell\AutoRun\command - J:\autorun.exe
\Shell\setup\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4caebf61-ce6a-11db-829d-001617925579}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec5493e-2d6e-11dc-832f-001617925579}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfd119c2-c860-11db-bfea-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-16 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-11-16 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-LClock - c:\\Program Files\\LClock\\lclock.exe
HKCU-Run-P2kAutostart - (no file)
Notify-AtiExtEvent - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\m\Application Data\Mozilla\Firefox\Profiles\7hedgli1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:30:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIAudioi\SBADeck\ADeck.exe 1???\ ?|????e:\sound\VIA\vin???|???|?????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa]

.
Heure de fin: 2008-11-16 13:32:14
ComboFix-quarantined-files.txt 2008-11-16 12:32:04

Avant-CF: 1,531,207,680 octets libres
Après-CF: 1,941,454,848 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

429
Configuration: Windows XP
Internet Explorer 6.0

4 réponses

  1. mickimaiki Messages postés 587 Statut Membre 15
     
    franchement format ton ordi en essayant de sauvegarder ce qu'il y a a sauvegarder
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt il en reste

    c:\windows\system32\drivers\srosa2.sys

    vire tes cracks puis

    pour voir:

    Telecharge FindyKill sur ton bureau :

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
    1. rastarocketer
       
      ----------------- FindyKill V4.700 ------------------

      * User : m - PC-MICHEL
      * Emplacement : C:\Program Files\FindyKill
      * Outils Mis a jours le 13/11/08 par Chiquitine29
      * Recherche effectuée à 14:44:50 le 16/11/2008
      * Windows XP - Internet Explorer 6.0.2900.2180

      ((((((((((((((((( *** Recherche *** ))))))))))))))))))


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\m\Bureau\HiJackThis.exe
      C:\WINDOWS\system32\NOTEPAD.EXE

      --------------- [ Fichiers/Dossiers infectieux ] ----------------


      »»»» Presence des fichiers dans C:


      »»»» Presence des fichiers dans C:\WINDOWS


      »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

      Found ! - C:\WINDOWS\prefetch\105968.EXE-0B7F6E80.pf
      Found ! - C:\WINDOWS\prefetch\87671.EXE-1338E1A1.pf
      Found ! - C:\WINDOWS\prefetch\93250.EXE-27A9D4BB.pf
      Found ! - C:\WINDOWS\prefetch\97758187.EXE-1FBD099F.pf
      Found ! - C:\WINDOWS\prefetch\97762890.EXE-2F6B9FE6.pf
      Found ! - C:\WINDOWS\prefetch\97778421.EXE-11B15FF0.pf
      Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-13520BFC.pf
      Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
      Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
      Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
      Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-00157211.pf
      Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-05879299.pf
      Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-00157211.pf
      Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-05879299.pf
      Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26AE8C79.pf
      Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26AE8C79.pf

      »»»» Presence des fichiers dans C:\WINDOWS\system32


      »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

      Found ! [16/11/2008 12:25] - C:\WINDOWS\system32\drivers\srosa2.sys

      »»»» Presence des fichiers dans C:\Documents and Settings\m\Application Data


      »»»» Presence des fichiers dans C:\DOCUME~1\m\LOCALS~1\Temp


      »»»» Presence des fichiers dans C:\Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5


      --------------- [ Registre / Startup ] ----------------


      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      SoundMan REG_SZ SOUNDMAN.EXE
      AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
      RaidTool REG_SZ C:\Program Files\VIA\RAID\raid_tool.exe
      LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      LVCOMSX REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      nwiz REG_SZ nwiz.exe /install
      NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
      TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      wcmdmgr REG_SZ C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
      Uninstall0001 REG_SZ "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
      Uninstall0002 REG_SZ "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
      swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      Pando REG_SZ "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
      NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      --------------- [ Registre / Clés infectieuses ] ----------------


      Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\install_crack
      Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\keygen
      Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

      --------------- [ Etat / Services ] ----------------



      +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

      /!\ Ndisuio - Type de démarrage = 4

      /!\ Ip6Fw - Type de démarrage = 4

      SharedAccess - Type de démarrage = 2

      wuauserv - Type de démarrage = 2

      wscsvc - Type de démarrage = 2



      --------------- [ Recherche dans supports amovibles] ----------------


      +- Informations :

      C: - Lecteur fixe

      F: - Lecteur fixe

      K: - Lecteur amovible
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > rastarocketer
         
        parfait il a trouvé les bagles restant:



        Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


        --> Double clic sur le raccourci FindyKill sur ton bureau

        --> Au menu principal,choisi l option 2 (Suppression)


        /!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

        /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

        -------> ensuite post le rapport FindyKill.txt

        Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
        Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides




        puis


        colle le rapport d'un scan en ligne
        avec un des suivants:


        bitdefender en ligne :
        http://www.bitdefender.fr/scan_fr/scan8/ie.html

        Panda en ligne :
        http://pandasoftware.fr

        Kaspersky en ligne
        https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
        0
  3. alin44 Messages postés 1958 Statut Membre 233
     
    télécharges ceci
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    exécutes
    poste le rapport et ne jettes rien avant examination
    0
    1. rastarocketer
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:42:32, on 16/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\m\Bureau\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
      O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
      O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{355222FE-F66F-43BD-91A3-1E645AEB5A2A}: NameServer = 80.10.246.1,80.10.246.139
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
      O24 - Desktop Component 0: (no name) - http://tbn0.google.com/...
      0
  4. alin44 Messages postés 1958 Statut Membre 233
     
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl

    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimize

    ça c'est déjà très mauvais

    a fixer

    ()supprimer)

    vérifier s'il n'y a rien d'autre coché
    0