VBS:Malware-gen virus [Solved] - Security - Viruses
Profile: IDNaute

Hello,

I have a virus problem on my computer: as soon as I turn it on, Avast tells me that a virus of type "VBS:Malware-gen" is present, and no matter how many times I quarantine or delete it, nothing works.
I don't know much about computers, but from other threads I gathered that this type of virus is widespread...
What should I do?

Hoping someone can enlighten me on the subject.


Message edited by KlingKlang on 02-05-2008 at 00:53:08

Profile: Helper

Hello,

Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:35, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\PNP\AUDIO\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\msconf.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freerip.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HobbyTent Toolbar - {292c9657-b39c-41f9-993b-b34170bc9d79} - C:\Program Files\HobbyTent\tbHobb.dll
O2 - BHO: (no name) - {36B0A160-3183-682F-A14C-69E34CE0AF9B} - C:\WINDOWS\system32\rhn.dll (file missing)
O2 - BHO: (no name) - {436B43F9-D06E-8E95-1A64-8A8DB0208296} - C:\WINDOWS\system32\pnc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C034743E-BD88-BA78-F1D9-B0DECFBB0AC0} - C:\WINDOWS\system32\whcath.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: HobbyTent Toolbar - {292c9657-b39c-41f9-993b-b34170bc9d79} - C:\Program Files\HobbyTent\tbHobb.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Audio] C:\PNP\AUDIO\SOUNDMAN.EXE
O4 - HKLM\..\Run: [Virtual PDF Printer] C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{586D4481-0BEE-1036-1128-031120020021}] "C:\Program Files\Fichiers communs\{586D4481-0BEE-1036-1128-031120020021}\Update.exe" te-110-12-0000307
O4 - HKLM\..\Run: [{586D4481-0BED-1036-1128-031120020021}] "C:\Program Files\Fichiers communs\{586D4481-0BED-1036-1128-031120020021}\Update.exe" te-110-12-0000307
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [{586D4481-0BEF-1036-1128-031120020021}] "C:\Program Files\Fichiers communs\{586D4481-0BEF-1036-1128-031120020021}\Update.exe" te-110-12-0000307
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\AURLIE~1\MESDOC~1\PPATCH~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Padah] C:\WINDOWS\system32\W?nSxS\l?ass.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - Startup: Registration-Studio 8 LE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG2
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v [...] b55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v [...] b55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://antoine-bregeaud.spaces.liv [...] nPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v [...] b55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://antoine-bregeaud.spaces.liv [...] nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagam [...] b67031.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramew [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v [...] b55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11940 bytes

Profile: IDNaute

Here is the report, Angeldark.
Thanks for your quick reply.

Profile: Helper

Let's continue.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.


Profile: IDNaute

Here is the report I got (not without difficulty):

ComboFix 08-03-30.3 - Aurélien 2008-03-31 19:31:15.1 - NTFSx86
Endroit: C:\Documents and Settings\Aurélien\Bureau\combofix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\nfo
C:\Documents and Settings\All Users\Application Data\nfo\arch\1001.dfn
C:\Documents and Settings\All Users\Application Data\nfo\keys.dat
C:\Documents and Settings\All Users\Application Data\nfo\mon0104.dbd
C:\Documents and Settings\All Users\Application Data\nfo\mon0106.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon0204.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon0315.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon0412.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon0504.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon0904.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon1125.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon1204.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon1215.dbd
C:\Documents and Settings\All Users\Application Data\nfo\mon1909.ddx
C:\Documents and Settings\All Users\Application Data\nfo\mon1920.dbd
C:\Documents and Settings\All Users\Application Data\nfo\mon2007.dbd
C:\Documents and Settings\All Users\Application Data\vidmon
C:\Documents and Settings\All Users\Application Data\vidmon\vidmon.inf
C:\Documents and Settings\Aurélien\Application Data\macromedia\Flash Player\#SharedObjects\2TAX6DPA\www.broadcaster.com
C:\Documents and Settings\Aurélien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Aurélien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Aurélien\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Aurélien\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Aurélien\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Aurélien\Mes documents\PPATCH~1
C:\Documents and Settings\Aurélien\Mes documents\PPATCH~1\??pPatch\
C:\Documents and Settings\Aurélien\Mes documents\RACLE~1
C:\Documents and Settings\Aurélien\new.txt
C:\lswmv.ini
C:\Program Files\asembl~1
C:\Program Files\Fichiers communs\{586D4~1
C:\Program Files\Fichiers communs\{586D4~2
C:\Program Files\Fichiers communs\{586D4~3
C:\Program Files\Fichiers communs\uninstall information
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\pppatc~1
C:\Program Files\webhancer
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\WINDOWS\rayiou.exe
C:\WINDOWS\ssembl~1
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\msconf.exe
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\vidmon
C:\WINDOWS\system32\wcpisvcc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES
-------\Legacy_CORE
-------\Legacy_NWSAPAGENT
-------\Service_COM+ Messages
-------\Service_core
-------\Service_NwSapAgent


((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 20:05 . 2008-03-31 20:05 <REP> d--hs---- C:\found.000
2008-03-31 19:16 . 2008-03-31 19:16 <REP> d-------- C:\Program Files\Trend Micro
2008-03-31 18:35 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 18:35 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-20 20:26 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-20 20:24 . 2008-03-20 20:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-12 16:52 . 2008-03-20 21:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-04 19:06 . 2008-02-04 19:06 <REP> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 16:25 --------- d-----w C:\Program Files\Wanadoo
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-20 18:19 --------- d-----w C:\Program Files\Microsoft Works
2008-01-25 14:37 286,720 ----a-w C:\WINDOWS\iun507.exe
2006-11-12 12:31 486 ----a-w C:\Program Files\acad2000.cfg
2006-11-12 12:31 1,952 ----a-w C:\Program Files\RegInfo.txt
2006-11-12 12:26 146,722 ----a-w C:\Program Files\DeIsL1.isu
2006-11-12 12:24 6,795,264 ----a-w C:\Program Files\acad.exe
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
1999-03-26 09:49 115,920 ----a-w C:\Program Files\actusm.dll
1999-03-25 03:14 88,773 ----a-w C:\Program Files\acadapp.arx
1999-03-25 03:07 274,432 ----a-w C:\Program Files\asilisp.arx
1999-03-25 03:06 12,288 ----a-w C:\Program Files\asilloc.dll
1999-03-25 03:05 122,880 ----a-w C:\Program Files\cao15.dll
1999-03-25 03:04 1,290,240 ----a-w C:\Program Files\condlg.arx
1999-03-25 02:55 110,592 ----a-w C:\Program Files\aclbed.dll
1999-03-25 02:54 167,936 ----a-w C:\Program Files\aseloc.dll
1999-03-25 02:54 1,089,536 ----a-w C:\Program Files\ase.arx
1999-03-25 02:49 417,792 ----a-w C:\Program Files\csp.dll
1999-03-25 02:48 40,960 ----a-w C:\Program Files\asiloc.dll
1999-03-25 02:47 831,488 ----a-w C:\Program Files\sqleng.dll
1999-03-25 02:43 118,784 ----a-w C:\Program Files\tmptbl.dll
1999-03-25 02:39 524,288 ----a-w C:\Program Files\sqldata.dll
1999-03-25 02:29 57,344 ----a-w C:\Program Files\oletohdi6.dll
1999-03-25 02:28 45,056 ----a-w C:\Program Files\styleeng.dll
1999-03-25 02:28 139,264 ----a-w C:\Program Files\styshwiz.exe
1999-03-25 02:27 69,632 ----a-w C:\Program Files\prntprog.dll
1999-03-25 02:27 32,768 ----a-w C:\Program Files\styexe.exe
1999-03-25 02:27 192,512 ----a-w C:\Program Files\addplwiz.exe
1999-03-25 02:26 389,120 ----a-w C:\Program Files\pc3edit.dll
1999-03-25 02:26 28,672 ----a-w C:\Program Files\pc3exe.exe
1999-03-25 02:25 528,384 ----a-w C:\Program Files\plcfmgr.dll
1999-03-25 02:25 225,280 ----a-w C:\Program Files\psizewiz.dll
1999-03-25 02:25 135,168 ----a-w C:\Program Files\plcalwiz.dll
1999-03-25 02:24 32,768 ----a-w C:\Program Files\apperr.dll
1999-03-25 02:23 45,056 ----a-w C:\Program Files\coreerr.dll
1999-03-25 02:23 28,672 ----a-w C:\Program Files\plcferr.dll
1999-03-25 02:13 790,528 ----a-w C:\Program Files\physpen.dll
1999-03-25 02:12 933,888 ----a-w C:\Program Files\styedit.dll
1999-03-25 02:11 86,016 ----a-w C:\Program Files\gridres.dll
1999-03-25 01:46 1,105,920 ----a-w C:\Program Files\vllib.dll
1999-03-25 01:45 65,536 ----a-w C:\Program Files\vlreac.dll
1999-03-25 01:45 380,928 ----a-w C:\Program Files\vlabout.dll
1999-03-25 01:45 36,864 ----a-w C:\Program Files\vldlg.dll
1999-03-25 01:45 323,584 ----a-w C:\Program Files\vlide.dll
1999-03-25 01:45 233,472 ----a-w C:\Program Files\vlmsg.dll
1999-03-25 01:45 20,480 ----a-w C:\Program Files\vlres.dll
1999-03-25 01:45 118,784 ----a-w C:\Program Files\vlcom.dll
1999-03-25 01:44 581,632 ----a-w C:\Program Files\vl.arx
1999-03-25 01:43 77,824 ----a-w C:\Program Files\dwgaids.arx
1999-03-25 01:43 6,821 ----a-w C:\Program Files\solids.xmx
1999-03-25 01:43 286,720 ----a-w C:\Program Files\axdb15.dll
1999-03-25 01:43 105,125 ----a-w C:\Program Files\acsolids.arx
1999-03-25 01:42 2,723,840 ----a-w C:\Program Files\axauto15.dll
1999-03-25 01:41 68,768 ----a-w C:\Program Files\geomcal.arx
1999-03-25 01:41 66,540 ----a-w C:\Program Files\geom3d.arx
1999-03-25 01:41 53,479 ----a-w C:\Program Files\acadaut.reg
1999-03-25 01:41 44,078 ----a-w C:\Program Files\rectang.arx
1999-03-25 01:40 91,720 ----a-w C:\Program Files\render.xmx
1999-03-25 01:40 45,056 ----a-w C:\Program Files\aclsobj.arx
1999-03-25 01:40 172,032 ----a-w C:\Program Files\acadps.arx
1999-03-25 01:40 1,335,296 ----a-w C:\Program Files\acrender.arx
1999-03-25 01:30 32,768 ----a-w C:\Program Files\whohas.arx
1999-03-25 01:30 192,512 ----a-w C:\Program Files\acadvba.arx
1999-03-25 01:29 98,304 ----a-w C:\Program Files\acqsetup.arx
1999-03-25 01:29 61,440 ----a-w C:\Program Files\acoscale.arx
1999-03-25 01:29 204,800 ----a-w C:\Program Files\acasetup.arx
1999-03-25 01:29 200,704 ----a-w C:\Program Files\acadstar.arx
1999-03-25 01:28 69,632 ----a-w C:\Program Files\textfind.arx
1999-03-25 01:28 49,152 ----a-w C:\Program Files\units.arx
1999-03-25 01:28 49,152 ----a-w C:\Program Files\pltcmdln.arx
1999-03-25 01:28 110,592 ----a-w C:\Program Files\appload.arx
1999-03-25 01:27 94,208 ----a-w C:\Program Files\acDcTextStyles.arx
1999-03-25 01:27 81,920 ----a-w C:\Program Files\acmatch.arx
1999-03-25 01:27 139,264 ----a-w C:\Program Files\acorbit.arx
1999-03-25 01:27 131,072 ----a-w C:\Program Files\AcRefEd.arx
1999-03-25 01:26 86,016 ----a-w C:\Program Files\acDcDimStyles.arx
1999-03-25 01:25 94,208 ----a-w C:\Program Files\acDcLinetypes.arx
1999-03-25 01:25 86,016 ----a-w C:\Program Files\acDcXrefs.arx
1999-03-25 01:24 81,920 ----a-w C:\Program Files\acDcLayouts.arx
1999-03-25 01:24 69,632 ----a-w C:\Program Files\acDcImages.arx
1999-03-25 01:24 147,456 ----a-w C:\Program Files\acDcSymbols.arx
1999-03-25 01:23 516,096 ----a-w C:\Program Files\acDcFrame.arx
1999-03-25 01:17 143,360 ----a-w C:\Program Files\acDcUtils.dll
1999-03-25 01:16 204,800 ----a-w C:\Program Files\acISMui.arx
1999-03-25 01:12 61,440 ----a-w C:\Program Files\resize.dll
1999-03-25 01:12 45,056 ----a-w C:\Program Files\color.dll
1999-03-25 01:12 32,768 ----a-w C:\Program Files\textedit.arx
1999-03-25 01:12 118,784 ----a-w C:\Program Files\acadinet.dll
1999-03-25 01:11 69,632 ----a-w C:\Program Files\attedit.arx
1999-03-25 01:11 552,960 ----a-w C:\Program Files\AcDim.arx
1999-03-25 01:11 28,728 ----a-w C:\Program Files\acdorder.arx
1999-03-25 01:09 610,304 ----a-w C:\Program Files\acopm.arx
1999-03-25 01:08 53,248 ----a-w C:\Program Files\acsiui.arx
1999-03-25 01:08 32,768 ----a-w C:\Program Files\acbrowse.arx
1999-03-25 01:08 221,184 ----a-w C:\Program Files\acblock.arx
1999-03-25 01:07 65,536 ----a-w C:\Program Files\aceplotx.arx
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B0A160-3183-682F-A14C-69E34CE0AF9B}]
C:\WINDOWS\system32\rhn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{436B43F9-D06E-8E95-1A64-8A8DB0208296}]
C:\WINDOWS\system32\pnc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C034743E-BD88-BA78-F1D9-B0DECFBB0AC0}]
C:\WINDOWS\system32\whcath.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"Sra"="C:\DOCUME~1\AURLIE~1\MESDOC~1\PPATCH~1\regedit.exe" [ ]
"Padah"="C:\WINDOWS\system32\W?nSxS\l?ass.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-09-10 22:32 167936 C:\WINDOWS\system32\pctspk.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-07 17:40 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-07 17:40 561152]
"ESB"="C:\WINDOWS\System32\ESB.exe" [2002-11-19 11:13 274432]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-11-08 14:25 372736 C:\WINDOWS\system32\nwiz.exe]
"SiSUSBRG"="C:\WINDOWS\sisUSBrg.exe" [2002-04-26 01:06 32768]
"Audio"="C:\PNP\AUDIO\SOUNDMAN.EXE" [2002-11-19 22:01 46592]
"Virtual PDF Printer"="C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe" [ ]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 12:00 192512]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 16:13 49152]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-11-01 23:08 98304]
"{586D4481-0BEE-1036-1128-031120020021}"="C:\Program Files\Fichiers communs\{586D4481-0BEE-1036-1128-031120020021}\Update.exe" [ ]
"{586D4481-0BED-1036-1128-031120020021}"="C:\Program Files\Fichiers communs\{586D4481-0BED-1036-1128-031120020021}\Update.exe" [ ]
"Nfo"="C:\WINDOWS\system32\nfomon\nfomon.exe" [ ]
"{586D4481-0BEF-1036-1128-031120020021}"="C:\Program Files\Fichiers communs\{586D4481-0BEF-1036-1128-031120020021}\Update.exe" [ ]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 20:50 172032]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"DRam prosessor"="msconf.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DRam prosessor"="msconf.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57644:TCP"= 57644:TCP:PORT_57644
"24583:TCP"= 24583:TCP:PORT_24583
"17590:TCP"= 17590:TCP:PORT_17590
"52200:TCP"= 52200:TCP:PORT_52200
"44463:TCP"= 44463:TCP:PORT_44463
"15467:TCP"= 15467:TCP:PORT_15467
"5350:TCP"= 5350:TCP:PORT_5350
"5078:TCP"= 5078:TCP:PORT_5078
"65209:TCP"= 65209:TCP:PORT_65209
"35786:TCP"= 35786:TCP:PORT_35786
"39788:TCP"= 39788:TCP:PORT_39788
"63614:TCP"= 63614:TCP:PORT_63614
"47153:TCP"= 47153:TCP:PORT_47153
"31703:TCP"= 31703:TCP:PORT_31703
"38970:TCP"= 38970:TCP:PORT_38970
"29820:TCP"= 29820:TCP:PORT_29820
"58142:TCP"= 58142:TCP:PORT_58142
"65032:TCP"= 65032:TCP:PORT_65032
"21951:TCP"= 21951:TCP:PORT_21951
"9132:TCP"= 9132:TCP:PORT_9132
"32808:TCP"= 32808:TCP:PORT_32808
"17049:TCP"= 17049:TCP:PORT_17049
"23006:TCP"= 23006:TCP:PORT_23006
"36509:TCP"= 36509:TCP:PORT_36509
"43992:TCP"= 43992:TCP:PORT_43992
"52728:TCP"= 52728:TCP:PORT_52728

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-12-07 17:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 MTC0001_ESB;ESB device driver;C:\WINDOWS\system32\ntESB.sys [2001-11-27 10:11]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 09:34]
S3 f1e01a12-f0d2-4d48-b058-d833315a15b5;f1e01a12-f0d2-4d48-b058-d833315a15b5;Q:\Player\cds300.dll []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27b9b9c2-9d0d-11dc-9681-0040f4f0848d}]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f75a87-a11a-11d9-939f-0040d056b876}]
\shell\PlayWithPowerDVD\Command - "C:\APPS\CyberLink\PowerDVD\PowerDVD.exe" "%l"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7825c803-0b2b-11da-941b-0040d056b876}]
\shell\PlayWithPowerDVD\Command - "C:\APPS\CyberLink\PowerDVD\PowerDVD.exe" "%l"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7825c804-0b2b-11da-941b-0040d056b876}]
\shell\PlayWithPowerDVD\Command - "C:\APPS\CyberLink\PowerDVD\PowerDVD.exe" "%l"

*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWSP
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-13 22:25:26 C:\WINDOWS\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:12:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\msdmo.dll
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-31 20:19:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-31 18:18:58
Pre-Run: 18,884,177,920 octets libres
Post-Run: 19,812,421,632 octets libres
.
2008-01-03 02:01:32 --- E O F ---

Profile: Helper

Hi again,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM


Profile: IDNaute

The scan took quite a while, but here is the report:

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 574

Type de recherche: Examen complet (C:\|)
Eléments examinés: 113996
Temps écoulé: 1 hour(s), 50 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\c3.bho3 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\c3.bho3.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{35b576b9-5a0f-43d7-8174-2ac714dc3ad2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bbd0d9e0-ee99-4c66-ac1e-2e77d40fe7c9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8bd9566-9895-4fa3-918d-a51d4cd15865} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vccpgdataaccess.pgdataaccessctrl.1 (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0070620-1e72-42e7-a14c-3a255ad31839} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{41700749-a109-4254-af13-be54011e8783} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\DRam prosessor (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe.vir (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBC87027-FC4C-4097-B0CE-C549EE242ED1}\RP406\A0134525.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.

Profile: Helper

Post a new HijackThis report.


Profile: IDNaute

Sorry for the long delay, I didn't have Internet access...
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:29, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ESB.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PNP\AUDIO\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Mai