Infecté par Bagle !
Résolu/Fermé
A voir également:
- Infecté par Bagle !
- L'ordinateur de simon a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Jeux vidéo
- L'ordinateur de samantha a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Virus
- Anti virus - Forum Antivirus
- Simon - Forum Cinéma / Télé
- L'ordinateur d'arthur a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? ✓ - Forum Virus
8 réponses
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
13 avril 2009 à 11:30
13 avril 2009 à 11:30
Bonjour
Télécharge FindyKill de Chiquitine29 :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
->Enregistre-le sur ton bureau et pas ailleurs !
!! Déconnecte toi et ferme toutes les applications en cours !!
( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)
-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.
Tuto : https://www.malekal.com/tutorial-findykill/
--> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau .
-->choisis l'option 1 ( recherche ). Puis laisse travailler l'outil sans rien toucher ...
Une fois terminé, poste le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Télécharge FindyKill de Chiquitine29 :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
->Enregistre-le sur ton bureau et pas ailleurs !
!! Déconnecte toi et ferme toutes les applications en cours !!
( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)
-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.
Tuto : https://www.malekal.com/tutorial-findykill/
--> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau .
-->choisis l'option 1 ( recherche ). Puis laisse travailler l'outil sans rien toucher ...
Une fois terminé, poste le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Utilisateur anonyme
13 avril 2009 à 11:31
13 avril 2009 à 11:31
quelque fois en parcourant les astuces du site de CCM les solutions sont à portée de mains, il suffit de cliquer dessus...comme pour le reste
http://www.commentcamarche.net/faq/sujet 9889 comment supprimer le virus beagle bagle
a+
http://www.commentcamarche.net/faq/sujet 9889 comment supprimer le virus beagle bagle
a+
J'ai utilisé findykill (option 1 et 2)
Voici les rapports de ces deux options - je ne sais pas si ca a changé quelquechose.
############################## [ FindyKill V4.722 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 04/04/09 by Chiquitine29
# Start at: 13:34:27 | 13/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (8,79 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 488,01 Mo (191,48 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe
C:\Documents and Settings\francky\Application Data\m\flec006.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Processus infectieux stoppés ]
"C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe" (608)
"C:\Documents and Settings\francky\Application Data\m\flec006.exe" (612)
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Found ! C:\WINDOWS\Prefetch\1553734.EXE-13644EF0.pf
Found ! C:\WINDOWS\Prefetch\1638406.EXE-2735FEC8.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-0311B438.pf
################## [ C:\WINDOWS\System32... ]
Found ! C:\WINDOWS\system32\drivers\down
################## [ C:\Documents and Settings\francky\Application Data ]
Found ! "C:\Documents and Settings\francky\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\francky\Application Data\m"
Found ! "C:\Documents and Settings\francky\Application Data\drivers"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\downld"
################## [ C:\Documents and Settings\francky...\Temp Files... ]
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\b64_6[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\ieps[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_1[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_2[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_3[1].jpg
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\FFC
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
Found ! "C:\Muestras"
################## [ Registre / Mountpoint2 ]
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
################## [ ! Fin du rapport # FindyKill V4.722 ! ]
*************************************************************************
############################## [ FindyKill V4.722 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 04/04/09 by Chiquitine29
# Start at: 13:38:44 | 13/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (8,79 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Deleted ! C:\WINDOWS\Prefetch\1553734.EXE-13644EF0.pf
Deleted ! C:\WINDOWS\Prefetch\1638406.EXE-2735FEC8.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-0311B438.pf
################## [ C:\WINDOWS\System32... ]
Deleted ! C:\WINDOWS\system32\drivers\down
################## [ C:\Users\...\AppData\Roaming ]
Deleted ! "C:\Documents and Settings\francky\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\francky\Application Data\m"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers"
################## [ Cleaning .. Temp Files... ]
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\b64_6[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\ieps[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_1[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_2[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_3[1].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\FFC
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting Files :
Deleted ! "C:\Muestras"
################## [ Registry / Mountpoint2 ]
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe
CRC32 .. : a5af3027
MD5 .... : 3c8713183ebb29b04b580b300062045b
Deleted ! : C:\Program Files\Messenger\msmsgs.exe
# Taille : 851968 # MD5 : 3C8713183EBB29B04B580B300062045B
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
################## [ ! End of Report # FindyKill V4.722 ! ]
Voici les rapports de ces deux options - je ne sais pas si ca a changé quelquechose.
############################## [ FindyKill V4.722 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 04/04/09 by Chiquitine29
# Start at: 13:34:27 | 13/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (8,79 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 488,01 Mo (191,48 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe
C:\Documents and Settings\francky\Application Data\m\flec006.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Processus infectieux stoppés ]
"C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe" (608)
"C:\Documents and Settings\francky\Application Data\m\flec006.exe" (612)
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Found ! C:\WINDOWS\Prefetch\1553734.EXE-13644EF0.pf
Found ! C:\WINDOWS\Prefetch\1638406.EXE-2735FEC8.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-0311B438.pf
################## [ C:\WINDOWS\System32... ]
Found ! C:\WINDOWS\system32\drivers\down
################## [ C:\Documents and Settings\francky\Application Data ]
Found ! "C:\Documents and Settings\francky\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\francky\Application Data\m"
Found ! "C:\Documents and Settings\francky\Application Data\drivers"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\francky\Application Data\drivers\downld"
################## [ C:\Documents and Settings\francky...\Temp Files... ]
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\b64_6[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\ieps[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_1[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_2[1].jpg
Found ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_3[1].jpg
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\FFC
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
Found ! "C:\Muestras"
################## [ Registre / Mountpoint2 ]
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
################## [ ! Fin du rapport # FindyKill V4.722 ! ]
*************************************************************************
############################## [ FindyKill V4.722 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 04/04/09 by Chiquitine29
# Start at: 13:38:44 | 13/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (8,79 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Deleted ! C:\WINDOWS\Prefetch\1553734.EXE-13644EF0.pf
Deleted ! C:\WINDOWS\Prefetch\1638406.EXE-2735FEC8.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-0311B438.pf
################## [ C:\WINDOWS\System32... ]
Deleted ! C:\WINDOWS\system32\drivers\down
################## [ C:\Users\...\AppData\Roaming ]
Deleted ! "C:\Documents and Settings\francky\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\francky\Application Data\m"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\francky\Application Data\drivers"
################## [ Cleaning .. Temp Files... ]
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\b64_6[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\34IF2455\ieps[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_1[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_2[1].jpg
Deleted ! C:\Documents and Settings\francky\Local Settings\Temporary Internet Files\Content.IE5\V0FGU51K\b64_3[1].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1454471165-963894560-725345543-1004\Software\FFC
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting Files :
Deleted ! "C:\Muestras"
################## [ Registry / Mountpoint2 ]
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\francky\Application Data\drivers\winupgro.exe
CRC32 .. : a5af3027
MD5 .... : 3c8713183ebb29b04b580b300062045b
Deleted ! : C:\Program Files\Messenger\msmsgs.exe
# Taille : 851968 # MD5 : 3C8713183EBB29B04B580B300062045B
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
################## [ ! End of Report # FindyKill V4.722 ! ]
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
13 avril 2009 à 12:30
13 avril 2009 à 12:30
Bien.
Comme tu as vu, Avast en a prit un bon coup dans l'aile ;-)
Réinstalle-le.
Ensuite :
Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
* Enregistre HJTInstall.exe sur ton bureau.
* Double-clique sur HJTInstall.exe pour lancer le programme
Tuto : https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
* Accepte la license en cliquant sur le bouton "I Accept"
* Choisis l'option "Do a system scan and save a log file"
* Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
* Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
* Colle le rapport que tu viens de copier sur ce forum
Comme tu as vu, Avast en a prit un bon coup dans l'aile ;-)
Réinstalle-le.
Ensuite :
Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
* Enregistre HJTInstall.exe sur ton bureau.
* Double-clique sur HJTInstall.exe pour lancer le programme
Tuto : https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
* Accepte la license en cliquant sur le bouton "I Accept"
* Choisis l'option "Do a system scan and save a log file"
* Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
* Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
* Colle le rapport que tu viens de copier sur ce forum
Salut, merci de m'aider.
Dans ma panique j'ai fait Hijakthis avant de remettre Avast.
J'espere que ce n'est pas grave.
Pour avast j'ai du redémarrer. Et maintenant internet remarche (je revis!)
Bon j'ai refait hijack apres avoir mis avast :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:04, on 13/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Dans ma panique j'ai fait Hijakthis avant de remettre Avast.
J'espere que ce n'est pas grave.
Pour avast j'ai du redémarrer. Et maintenant internet remarche (je revis!)
Bon j'ai refait hijack apres avoir mis avast :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:04, on 13/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
13 avril 2009 à 13:11
13 avril 2009 à 13:11
Tu as une autre infection :
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
Télécharge UsbFix de chiquitine29 sur ton bureau
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
--> Lance l installation avec les paramètres par défaut
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Choisis l’option 1 (nettoyage)
--> Le PC va redémarrer
-->Après redémarrage poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
Télécharge UsbFix de chiquitine29 sur ton bureau
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
--> Lance l installation avec les paramètres par défaut
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Choisis l’option 1 (nettoyage)
--> Le PC va redémarrer
-->Après redémarrage poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
Pfiou ! J'ai eu le plus grand mal à faire cette manoeuvre ! Vu que je devais connecter mes ports USB etc mais pour pouvoir transférer le rapport sur l'autre ordi je devais en déconnecter un (de ports extérieurs) pour l'utiliser et je n'étais pas sur--bref bref, voici :
############################## [ UsbFix V3.006 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 11/04/09 by C_XX & Chiquitine29
# Start at: 15:21:41 | 13/04/2009
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (9,46 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,45 Go (4,51 Go free) [UDISK] # FAT32
# G:\ # Disque amovible # 488,01 Mo (158,74 Mo free) # FAT32
# H:\ # Disque fixe local # 298,02 Go (88,74 Go free) [LaCie] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="francky"
HKLM_logon: "AltDefaultUserName"="francky"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: Apoint=C:\Program Files\Apoint2K\Apoint.exe
HKLM_Run: AGRSMMSG=AGRSMMSG.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: HPHUPD05=c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM_Run: HP Software Update="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
HKLM_Run: HPHmon05=C:\WINDOWS\system32\hphmon05.exe
HKLM_Run: RavAV=C:\WINDOWS\AdobeR.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: RecordNow!=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: Wallpaper="C:\Program Files\Wallpaper\Wallpaper.exe" Starter
HKLM_System: "EnableLUA"=dword:00000000
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "RavAV"
################## [ Registre # Mountpoint2 ]
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dce-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\Auto\Command
################## [ ! Fin du rapport # UsbFix V3.006 ! ]
############################## [ UsbFix V3.006 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 11/04/09 by C_XX & Chiquitine29
# Start at: 15:21:41 | 13/04/2009
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (9,46 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,45 Go (4,51 Go free) [UDISK] # FAT32
# G:\ # Disque amovible # 488,01 Mo (158,74 Mo free) # FAT32
# H:\ # Disque fixe local # 298,02 Go (88,74 Go free) [LaCie] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="francky"
HKLM_logon: "AltDefaultUserName"="francky"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: Apoint=C:\Program Files\Apoint2K\Apoint.exe
HKLM_Run: AGRSMMSG=AGRSMMSG.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: HPHUPD05=c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM_Run: HP Software Update="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
HKLM_Run: HPHmon05=C:\WINDOWS\system32\hphmon05.exe
HKLM_Run: RavAV=C:\WINDOWS\AdobeR.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: RecordNow!=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: Wallpaper="C:\Program Files\Wallpaper\Wallpaper.exe" Starter
HKLM_System: "EnableLUA"=dword:00000000
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "RavAV"
################## [ Registre # Mountpoint2 ]
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\Auto\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dce-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\Auto\Command
################## [ ! Fin du rapport # UsbFix V3.006 ! ]
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
13 avril 2009 à 13:50
13 avril 2009 à 13:50
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
# Double clic sur le raccourci UsbFix présent sur ton bureau
# choisi l’option 2 ( Suppression )
# Ton bureau disparaitra et le pc redémarrera .
# Au redémarrage , UsbFix scannera ton pc , laisse travailler l’outil.
# Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
# Double clic sur le raccourci UsbFix présent sur ton bureau
# choisi l’option 2 ( Suppression )
# Ton bureau disparaitra et le pc redémarrera .
# Au redémarrage , UsbFix scannera ton pc , laisse travailler l’outil.
# Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Et voilà :
############################## [ UsbFix V3.006 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 11/04/09 by C_XX & Chiquitine29
# Start at: 15:55:44 | 13/04/2009
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (9,46 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,45 Go (4,51 Go free) [UDISK] # FAT32
# G:\ # Disque amovible # 488,01 Mo (158,73 Mo free) # FAT32
# H:\ # Disque fixe local # 298,02 Go (88,74 Go free) [LaCie] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "RavAV"
################## [ Registre # Mountpoint2 ]
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dce-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\Auto\Command
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
G:\ELIBAGLA.EXE
G:\FindyKill.exe
G:\setupfre.exe
G:\antivir_workstation_winu_fr_h(2).exe
G:\HJTInstall.exe
G:\UsbFix.exe
################## [ ! Fin du rapport # UsbFix V3.006 ! ]
############################## [ UsbFix V3.006 ]
# User : francky (Administrateurs) # FRANCKY-6F30B50
# Update on 11/04/09 by C_XX & Chiquitine29
# Start at: 15:55:44 | 13/04/2009
# AMD Athlon(tm) 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090412-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 55,88 Go (9,46 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,45 Go (4,51 Go free) [UDISK] # FAT32
# G:\ # Disque amovible # 488,01 Mo (158,73 Mo free) # FAT32
# H:\ # Disque fixe local # 298,02 Go (88,74 Go free) [LaCie] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "RavAV"
################## [ Registre # Mountpoint2 ]
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{133fc780-1411-11dc-b64b-00904ba3b2be}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70490c55-eb22-11db-b5fe-b74c4c1945d7}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ed07fee-90b1-11dd-b79a-000fb04ba166}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d71d7b4-ee9f-11dc-b70d-000fb04ba166}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a542d3-e99f-11db-b5fb-000fb04ba166}\Shell\Auto\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3847d8-6d26-11dc-b693-000fb04ba166}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dce-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9069dd0-6287-11dc-b689-000fb04ba166}\Shell\Auto\Command
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
G:\ELIBAGLA.EXE
G:\FindyKill.exe
G:\setupfre.exe
G:\antivir_workstation_winu_fr_h(2).exe
G:\HJTInstall.exe
G:\UsbFix.exe
################## [ ! Fin du rapport # UsbFix V3.006 ! ]
Tu ne réponds plus toptitbal, je suppose donc que c'est la fin? Qu'il ne me reste plus rien à faire?
Dans ce cas je te remercie mille fois pour ton aide! Je n'aurai pas pu m'en sortir sans toi !
Je marque donc ce message comme résolu...
Dans ce cas je te remercie mille fois pour ton aide! Je n'aurai pas pu m'en sortir sans toi !
Je marque donc ce message comme résolu...
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
13 avril 2009 à 14:47
13 avril 2009 à 14:47
Fais quand même un nouvel Hijackthis pour vérifier.
13 avril 2009 à 12:09
Amoa, je suis déjà tombé sur la page que tu propose mais j'ai lu que pour chaque personne la solution était différente...