PC infected by several Win32, VBS:malware-gen

Closed
laurent31 - 23 Oct. 2008 at 04:50
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 23 Oct. 2008 at 04:54
Hello,

For several days my PC has remained infected by several viruses of the WIN32 type (spyware-gen, trojan-gen, adware-gen, gamona...) and by VBS:malware-gen, after I ran the Secuser online antivirus, which does not detect them.
I also ran AVAST, whose latest warnings I have put at the end of this message, but I don't dare delete the files with AVAST for fear that they might be important.
Below I am posting the HijackThis log which, from what I have read on this forum, may be useful to the person who comes to my rescue.
I would of course like to absolutely avoid formatting my disk or reinstalling Windows.
I have Windows XP.

Not being a computer expert, I don't know what should be done.
Thank you to those who reply.

HijackThis log

ComboFix 08-10-21.01 - Administrateur 2008-10-22 6:17:16.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.232 [GMT 2:00]
Lancé depuis: D:\Downloads\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Laurent F\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Laurent F\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Documents and Settings\Laurent F\winlogo.exe
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\NetMon\log.txt
C:\Documents and Settings\Martine S\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\network monitor
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whagent.ini
C:\Program Files\webhancer\Programs\whinstaller.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\XP\system32\atmtd.dll
C:\WINDOWS\XP\system32\atmtd.dll._
C:\WINDOWS\XP\system32\chkxdk.dll
C:\WINDOWS\XP\system32\ewlqupkc.dll
C:\WINDOWS\XP\system32\fqoqjj.dll
C:\WINDOWS\XP\System32\geBrpoPI.dll
C:\WINDOWS\XP\system32\iciaeqln.ini
C:\WINDOWS\XP\system32\iosubwav.dll
C:\WINDOWS\XP\system32\IPoprBeg.ini
C:\WINDOWS\XP\system32\IPoprBeg.ini2
C:\WINDOWS\XP\system32\jowaegjw.ini
C:\WINDOWS\XP\system32\jsakvoir.dll
C:\WINDOWS\XP\system32\kmukmcsx.exe
C:\WINDOWS\XP\system32\MSINET.oca
C:\WINDOWS\XP\system32\msnav32.ax
C:\WINDOWS\XP\system32\pac.txt
C:\WINDOWS\XP\system32\pvubxo.dll
C:\WINDOWS\XP\system32\qecncnwl.dll
C:\WINDOWS\XP\system32\sthnsitk.dll
C:\WINDOWS\XP\system32\teeoeuyu.ini
C:\WINDOWS\XP\system32\uqdzta.dll
C:\WINDOWS\XP\system32\uqjxdsmw.ini
C:\WINDOWS\XP\system32\vcobbsrh.ini
C:\WINDOWS\XP\system32\winlogo.exe
C:\WINDOWS\XP\system32\winpfz33.sys
C:\WINDOWS\XP\system32\wjgeawoj.dll
C:\WINDOWS\XP\system32\xhwdkpda.dll
C:\WINDOWS\XP\system32\xiddvmmg.exe
C:\WINDOWS\XP\system32\xsxpgoxf.dll
C:\WINDOWS\XP\system32\ycqikidf.dll
C:\WINDOWS\XP\system32\zxdnt3d.cfg
C:\WINDOWS\XP\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 21:04 . 2008-10-21 21:04 20,521,845 --a------ C:\WINDOWS\XP\LPT$VPN.609
2008-10-21 21:03 . 2008-10-21 21:04 <REP> d-------- C:\WINDOWS\XP\AU_Temp
2008-10-21 21:03 . 2008-10-21 21:04 20,521,845 --a------ C:\WINDOWS\XP\VPTNFILE.609
2008-10-20 11:37 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\XP\system32\wmpns.dll
2008-10-20 11:35 . 2008-10-20 11:35 <REP> d-------- C:\My Music
2008-10-20 07:39 . 2007-09-11 19:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-20 07:39 . 2007-09-11 19:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-20 07:39 . 2007-09-11 18:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-20 07:39 . 2008-10-20 11:37 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-20 07:39 . 2007-09-11 19:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-20 07:39 . 2008-10-20 07:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-20 07:39 . 2007-09-11 19:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-20 07:39 . 2008-10-20 07:39 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-20 07:35 . 2008-10-20 07:35 207 --a------ C:\Documents and Settings\Laurent F\2626.bat
2008-10-20 07:20 . 2008-10-20 07:20 90,915 --a------ C:\WINDOWS\XP\system32\dpooowpwxy.dll-uninst.exe
2008-10-20 07:20 . 2008-10-20 07:20 207 --a------ C:\Documents and Settings\Laurent F\7041.bat
2008-10-20 07:05 . 2008-10-20 07:05 207 --a------ C:\Documents and Settings\Laurent F\5755.bat
2008-10-20 06:50 . 2008-10-20 06:50 207 --a------ C:\Documents and Settings\Laurent F\5625.bat
2008-10-20 06:38 . 2008-10-20 06:38 207 --a------ C:\Documents and Settings\Laurent F\4120.bat
2008-10-20 06:20 . 2008-10-20 06:20 207 --a------ C:\Documents and Settings\Laurent F\1452.bat
2008-10-20 06:05 . 2008-10-20 06:05 207 --a------ C:\Documents and Settings\Laurent F\4769.bat
2008-10-20 05:50 . 2008-10-20 05:50 207 --a------ C:\Documents and Settings\Laurent F\9631.bat
2008-10-20 05:20 . 2008-10-20 05:20 207 --a------ C:\Documents and Settings\Laurent F\1043.bat
2008-10-20 05:05 . 2008-10-20 05:05 207 --a------ C:\Documents and Settings\Laurent F\9628.bat
2008-10-20 04:50 . 2008-10-20 04:50 207 --a------ C:\Documents and Settings\Laurent F\5774.bat
2008-10-20 04:35 . 2008-10-20 04:35 207 --a------ C:\Documents and Settings\Laurent F\6218.bat
2008-10-20 04:20 . 2008-10-20 04:20 207 --a------ C:\Documents and Settings\Laurent F\7609.bat
2008-10-20 04:05 . 2008-10-20 04:05 207 --a------ C:\Documents and Settings\Laurent F\7201.bat
2008-10-20 03:50 . 2008-10-20 03:50 207 --a------ C:\Documents and Settings\Laurent F\7105.bat
2008-10-20 03:35 . 2008-10-20 03:35 207 --a------ C:\Documents and Settings\Laurent F\5671.bat
2008-10-20 03:20 . 2008-10-20 03:20 207 --a------ C:\Documents and Settings\Laurent F\1817.bat
2008-10-20 03:05 . 2008-10-20 03:05 207 --a------ C:\Documents and Settings\Laurent F\6403.bat
2008-10-20 02:50 . 2008-10-20 02:50 207 --a------ C:\Documents and Settings\Laurent F\5926.bat
2008-10-20 02:35 . 2008-10-20 02:35 207 --a------ C:\Documents and Settings\Laurent F\2687.bat
2008-10-20 02:20 . 2008-10-20 05:35 207 --a------ C:\Documents and Settings\Laurent F\4691.bat
2008-10-20 02:05 . 2008-10-20 02:05 207 --a------ C:\Documents and Settings\Laurent F\9617.bat
2008-10-20 01:50 . 2008-10-20 01:50 207 --a------ C:\Documents and Settings\Laurent F\7274.bat
2008-10-20 01:35 . 2008-10-20 01:35 207 --a------ C:\Documents and Settings\Laurent F\6961.bat
2008-10-20 01:17 . 2008-10-20 01:17 <REP> d-------- C:\WINDOWS\XP\Sun
2008-10-20 01:16 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\XP\system32\jpicpl32.cpl
2008-10-20 01:15 . 2008-10-20 01:16 <REP> d-------- C:\Program Files\Java
2008-10-20 01:15 . 2008-10-20 01:15 207 --a------ C:\Documents and Settings\Laurent F\6105.bat
2008-10-20 01:14 . 2008-10-20 01:14 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-20 01:00 . 2008-10-20 01:00 207 --a------ C:\Documents and Settings\Laurent F\3506.bat
2008-10-20 00:45 . 2008-10-20 00:45 207 --a------ C:\Documents and Settings\Laurent F\9853.bat
2008-10-20 00:30 . 2008-10-20 00:30 207 --a------ C:\Documents and Settings\Laurent F\3129.bat
2008-10-20 00:15 . 2008-10-20 00:15 207 --a------ C:\Documents and Settings\Laurent F\1750.bat
2008-10-20 00:00 . 2008-10-20 00:00 207 --a------ C:\Documents and Settings\Laurent F\8129.bat
2008-10-19 23:45 . 2008-10-19 23:45 207 --a------ C:\Documents and Settings\Laurent F\5296.bat
2008-10-19 23:30 . 2008-10-19 23:30 207 --a------ C:\Documents and Settings\Laurent F\1487.bat
2008-10-19 23:15 . 2008-10-19 23:15 207 --a------ C:\Documents and Settings\Laurent F\4440.bat
2008-10-19 23:00 . 2008-10-19 23:00 207 --a------ C:\Documents and Settings\Laurent F\7030.bat
2008-10-19 22:45 . 2008-10-19 22:45 207 --a------ C:\Documents and Settings\Laurent F\7819.bat
2008-10-19 22:26 . 2008-10-19 22:26 207 --a------ C:\Documents and Settings\Laurent F\8786.bat
2008-10-19 22:11 . 2008-10-19 22:11 207 --a------ C:\Documents and Settings\Laurent F\6903.bat
2008-10-19 21:56 . 2008-10-19 21:56 207 --a------ C:\Documents and Settings\Laurent F\4639.bat
2008-10-19 21:41 . 2008-10-19 21:41 207 --a------ C:\Documents and Settings\Laurent F\5276.bat
2008-10-19 21:26 . 2008-10-19 21:26 207 --a------ C:\Documents and Settings\Laurent F\9391.bat
2008-10-19 21:11 . 2008-10-19 21:11 207 --a------ C:\Documents and Settings\Laurent F\4465.bat
2008-10-19 20:58 . 2008-10-20 01:11 <REP> d-------- C:\WINDOWS\XP\avxoscan
2008-10-19 20:56 . 2008-10-19 20:56 207 --a------ C:\Documents and Settings\Laurent F\4830.bat
2008-10-19 20:43 . 2008-10-19 20:56 <REP> d-------- C:\WINDOWS\XP\BDOSCAN8
2008-10-19 20:41 . 2008-10-19 20:41 207 --a------ C:\Documents and Settings\Laurent F\5922.bat
2008-10-19 20:26 . 2008-10-19 20:26 207 --a------ C:\Documents and Settings\Laurent F\4362.bat
2008-10-19 20:11 . 2008-10-19 20:11 207 --a------ C:\Documents and Settings\Laurent F\5628.bat
2008-10-19 19:56 . 2008-10-19 19:56 207 --a------ C:\Documents and Settings\Laurent F\4917.bat
2008-10-19 19:41 . 2008-10-19 19:41 207 --a------ C:\Documents and Settings\Laurent F\4290.bat
2008-10-19 19:26 . 2008-10-19 19:26 207 --a------ C:\Documents and Settings\Laurent F\7261.bat
2008-10-19 19:11 . 2008-10-19 19:11 207 --a------ C:\Documents and Settings\Laurent F\7277.bat
2008-10-19 18:56 . 2008-10-19 18:56 207 --a------ C:\Documents and Settings\Laurent F\6774.bat
2008-10-19 18:41 . 2008-10-19 18:41 207 --a------ C:\Documents and Settings\Laurent F\9162.bat
2008-10-19 18:25 . 2008-10-19 18:25 207 --a------ C:\Documents and Settings\Laurent F\4360.bat
2008-10-19 18:10 . 2008-10-19 18:10 207 --a------ C:\Documents and Settings\Laurent F\5517.bat
2008-10-19 17:55 . 2008-10-19 17:55 207 --a------ C:\Documents and Settings\Laurent F\2283.bat
2008-10-19 17:41 . 2008-10-19 17:41 207 --a------ C:\Documents and Settings\Laurent F\5793.bat
2008-10-19 17:25 . 2008-10-19 17:25 207 --a------ C:\Documents and Settings\Laurent F\7054.bat
2008-10-19 17:10 . 2008-10-19 17:10 207 --a------ C:\Documents and Settings\Laurent F\7255.bat
2008-10-19 16:55 . 2008-10-19 16:55 207 --a------ C:\Documents and Settings\Laurent F\3642.bat
2008-10-19 16:40 . 2008-10-19 16:40 207 --a------ C:\Documents and Settings\Laurent F\6016.bat
2008-10-19 12:01 . 2008-10-19 20:17 <REP> d-------- C:\WINDOWS\XP\system32\xp2
2008-10-19 12:01 . 2008-10-20 22:23 <REP> d-------- C:\WINDOWS\XP\system32\vm
2008-10-19 12:01 . 2008-10-19 20:17 <REP> d-------- C:\WINDOWS\XP\system32\mci
2008-10-19 12:01 . 2008-10-20 22:11 <REP> d--hs---- C:\WINDOWS\XP\bG9sbw
2008-10-19 12:01 . 2008-10-19 12:01 64,859 --a------ C:\WINDOWS\XP\system32\odxzovilbi.exe
2008-10-19 12:01 . 2008-10-19 12:01 207 --a------ C:\WINDOWS\XP\system32\6230.bat
2008-10-19 12:00 . 2008-10-20 22:21 <REP> d-------- C:\WINDOWS\XP\system32\EV13
2008-10-19 12:00 . 2008-10-19 12:01 <REP> d-------- C:\Temp\xp34
2008-10-19 12:00 . 2008-10-22 06:17 <REP> d-------- C:\Temp
2008-10-19 12:00 . 2008-10-20 01:20 147,456 --a------ C:\WINDOWS\XP\system32\vbzip10.dll
2008-10-18 09:40 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\XP\system32\qcut.dll
2008-10-18 09:40 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\XP\system32\dxtmsft3.dll
2008-10-18 09:40 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\XP\system32\tm20dec.ax
2008-10-18 09:40 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\XP\system32\unam4ie.exe
2008-10-18 09:40 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\XP\system32\LMRTREND.dll
2008-10-18 09:40 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\XP\system32\mciqtz.drv
2008-10-18 09:40 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\XP\system32\vidx16.dll
2008-10-18 09:40 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\XP\system32\quartz.vxd
2008-10-18 09:40 . 2008-10-18 09:40 4,608 --a------ C:\WINDOWS\XP\system32\w95inf32.dll
2008-10-18 09:40 . 2008-10-18 09:40 2,272 --a------ C:\WINDOWS\XP\system32\w95inf16.dll
2008-10-18 09:40 . 2008-10-20 13:54 63 --a------ C:\WINDOWS\XP\CIV.INI
2008-10-17 15:01 . 2008-10-17 15:01 54,156 --ah----- C:\WINDOWS\XP\QTFont.qfn
2008-10-17 15:01 . 2008-10-17 15:01 1,409 --a------ C:\WINDOWS\XP\QTFont.for
2008-10-12 12:18 . 2008-10-12 12:18 <REP> d-------- C:\WINDOWS\XP\Downloaded Installations
2008-10-12 12:18 . 2008-10-12 12:18 <REP> d-------- C:\Program Files\D-Tools
2008-10-12 12:18 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\XP\system32\drivers\d347bus.sys
2008-10-12 12:18 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\XP\system32\drivers\d347prt.sys
2008-09-22 09:16 . 2008-09-22 09:16 <REP> d-------- C:\Program Files\Capturino V2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 19:04 91,744 ----a-w C:\WINDOWS\XP\BPMNT.dll
2008-10-21 19:04 1,213,784 ----a-w C:\WINDOWS\XP\vsapi32.dll
2008-10-18 16:50 --------- d-----w C:\Program Files\Free Easy Burner
2008-09-21 17:20 --------- d-----w C:\Program Files\Arcade Minesweeper
2008-09-21 17:13 --------- d-----w C:\Program Files\Minesweeper Clone
2008-09-02 21:14 --------- d-----w C:\Program Files\IrfanView
2008-08-12 17:20 71,749 ----a-w C:\WINDOWS\XP\hcextoutput.dll
2008-08-12 17:20 333,576 ----a-w C:\WINDOWS\XP\tsc.exe
2008-03-05 13:36 51,528 ----a-w C:\Documents and Settings\Martine S\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 21:18 51,528 ----a-w C:\Documents and Settings\Laurent F\Application Data\GDIPFONTCACHEV1.DAT
2007-08-24 18:02 59,048 ----a-w C:\Documents and Settings\Martine\Application Data\GDIPFONTCACHEV1.DAT
2007-07-04 18:17 57,480 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT
2007-07-02 18:52 87,608 ----a-w C:\Documents and Settings\Martine\Application Data\ezpinst.exe
2007-07-02 18:52 47,360 ----a-w C:\Documents and Settings\Martine\Application Data\pcouffin.sys
2007-04-03 02:20 7,201 ----a-w C:\Program Files\!!!!!!gagnez de l'argent facile sur internet!!!!!!!!!!!.rtf
2007-03-22 21:35 12,795,657 ----a-w C:\Program Files\Windows Media Player v.11b Français(Windows XP)(lecteur vidéo et audio).rar
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\CTFMON.EXE" [2001-08-28 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast_2K"="C:\WINDOWS\XP\System32\WF2K.EXE" [2001-10-23 2191360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\WINDOWS\XP\System32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="C:\WINDOWS\XP\System32\NvMcTray.dll" [2006-11-17 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-26 180269]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2001-09-25 C:\WINDOWS\XP\system32\WF2KCPL.dll]
"nwiz"="nwiz.exe" [2006-11-17 C:\WINDOWS\XP\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\XP\System32\CTFMON.EXE" [2001-08-28 13312]

C:\Documents and Settings\All Users.XP\Menu Démarrer\Programmes\Démarrage\
Corel Family & Friends Reminders.LNK - C:\Program Files\Corel\Print House Magic\cffrem.exe [2007-10-06 670208]
EPSON Contrôle en arrière-plan.lnk - C:\Program Files\EPSON\ESM2\Stms.exe [1999-12-03 235008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=chkxdk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msvideo"= o100vc.dll

R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\XP\System32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S1 aswSP;avast! Self Protection;C:\WINDOWS\XP\System32\drivers\aswSP.sys [2008-07-19 78416]
S3 HCW848NT;Hauppauge Win/TV;C:\WINDOWS\XP\System32\DRIVERS\hcw848nt.sys [2000-06-12 140440]
S3 WFsys;WinFox Control I/O Driver;C:\WINDOWS\XP\System32\DRIVERS\wfsys.sys [2001-10-25 11260]

*Newly Created Service* - ALG
.
Contenu du dossier 'Tâches planifiées'

2008-10-13 C:\WINDOWS\XP\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1A13BB96-550A-4450-83B9-16FE6E6348Fc} - C:\WINDOWS\XP\System32\xhwdkpda.dll
BHO-{1CFAD6E6-B682-4A54-95AD-E7A76CA2C8Dd} - C:\WINDOWS\XP\System32\xhwdkpda.dll
BHO-{1dcb2d49-3c18-1ae6-1fa4-b85ed21231fb} - C:\WINDOWS\XP\System32\dpooowpwxy.dll
BHO-{510e67cb-fc5f-47eb-b409-a0a7c9420683} - C:\WINDOWS\XP\System32\chkxdk.dll
BHO-{CDAF47B2-53E0-4FD8-9151-32309B3BB7BB} - C:\WINDOWS\XP\System32\geBrpoPI.dll
BHO-{FBFF3B36-BE67-4561-99A4-5477B0BFC5FA} - C:\WINDOWS\XP\System32\fccyyWNG.dll
HKLM-Run-{07affece-f3ed-ac8d-f7e6-7ce5584de7d6} - C:\WINDOWS\XP\System32\osxokpiiuvbfkqbhz.dll
HKLM-Run-p2p networking - p2pnetworking.exe
ShellExecuteHooks-{FBFF3B36-BE67-4561-99A4-5477B0BFC5FA} - C:\WINDOWS\XP\System32\fccyyWNG.dll
Notify-fccyyWNG - fccyyWNG.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\XP\Downloaded Program Files\oscan8.inf
C:\WINDOWS\XP\bdoscandellang.ini
C:\WINDOWS\XP\bdoscandel.exe
C:\WINDOWS\XP\Downloaded Program Files\live.ini
C:\WINDOWS\XP\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\XP\Downloaded Program Files\lang.ini
C:\WINDOWS\XP\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\XP\Downloaded Program Files\bdupd.dll
C:\WINDOWS\XP\Downloaded Program Files\libfn.dll
C:\WINDOWS\XP\Downloaded Program Files\bdcore.dll
C:\WINDOWS\XP\Downloaded Program Files\oscan8.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 06:27:52
Windows 5.1.2600 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-22 6:35:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-22 04:35:36

Avant-CF: 6 872 440 832 octets libres
Après-CF: 8,303,210,496 octets libres

278


avast warnings:


21/10/2008 20:53:41 SYSTEM 1564 Sign of "VBS:Malware-gen" has been found in "http://fr.pcvirusremover2008.com/2009/104/?va=swnm4r&vl=7502&vf=pp_7281870697&vex=1\unp84990278" file.
22/10/2008 15:40:48 SYSTEM 1384 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061814.vbs" file.
22/10/2008 16:40:40 SYSTEM 1384 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061814.vbs" file.
22/10/2008 17:40:39 SYSTEM 1384 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061814.vbs" file.
22/10/2008 19:09:03 Administrateur 284 Sign of "Win32:Goldun-NN [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe\[UPX]" file.
22/10/2008 19:14:18 Administrateur 284 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe\[Embedded#10f7e]" file.
22/10/2008 19:23:13 Administrateur 284 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe" file.
22/10/2008 20:13:52 Administrateur 2016 Sign of "Win32:Goldun-NN [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe\[UPX]" file.
22/10/2008 20:23:04 Administrateur 2016 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe\[Embedded#10f7e]" file.
22/10/2008 20:23:05 Administrateur 2016 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Laurent F\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers personnels\Éléments supprimés\You have received an Greeting eCard\ecard.zip\ecard.exe" file.
22/10/2008 21:24:33 Administrateur 2016 Sign of "Win32:Neptunia-YO [Trj]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP321\A0058562.exe\whAgent.exe" file.
22/10/2008 21:57:00 Administrateur 2016 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP321\A0058562.exe\webhdll.dll" file.
22/10/2008 21:57:01 Administrateur 2016 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP321\A0058562.exe\whiehlpr.dll" file.
22/10/2008 21:57:11 Administrateur 2016 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061813.dll" file.
22/10/2008 21:57:15 Administrateur 2016 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061814.vbs" file.
22/10/2008 21:57:16 Administrateur 2016 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061815.exe\$SYSDIR\EV13\EV131084.exe" file.
22/10/2008 21:57:17 Administrateur 2016 Sign of "Win32:Agent-ACEN [Trj]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061816.exe" file.
22/10/2008 21:57:20 Administrateur 2016 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061817.exe" file.
22/10/2008 21:57:21 Administrateur 2016 Sign of "Win32:Agent-ABKG [Trj]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061818.exe\$SYSDIR\$SYSDIR\$[39]" file.
22/10/2008 21:57:23 Administrateur 2016 Sign of "Win32:Agent-ACEN [Trj]" has been found in "C:\System Volume Information\_restore{9C130FC3-2BF2-4E87-B0E4-0F9D63B9BB1F}\RP323\A0061819.exe" file.

1 reply

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
23 Oct. 2008 at 04:54
Hi,

- Download and install Malwarebytes' Anti-Malware:
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

- Update it.

- Restart in safe mode (recommended):
https://blog.sosordi.net/

- Choose your usual session.

- Run a full scan with Malwarebytes' Anti-Malware.

- Delete everything the software finds, and save the report.

- Restart in normal mode and post the report here.