Folder shortcut virus

7 September 2010 12:54:08

Hello,
my PC is infected by a virus that turns my folders into 1 KB shortcuts

11 September 2010 11:14:28

Hello,

*Download RSIT (thanks random/random) to the Desktop: Here
Double-click RSIT.exe; it does not require installation.
Click Continue on the Disclaimer screen if you accept the terms.
-If HijackThis is not detected on your PC, it will download it (allow access in your firewall if asked and accept the license).
When the scan is finished, two text files will open.
Post the contents of log.txt (the one that opens) as well as info.txt, which is in the taskbar.

NB: These reports are saved in the folder C:\rsit

See you
17 September 2010 11:25:20

Hello,
I have the same problem. Here is the RSIT log

and the HijackThis one
Thanks
Cath
17 September 2010 11:46:52

Hello,

the RSIT info.txt report is missing.

See you
17 September 2010 11:56:12

frederix said:
Hello,

the RSIT info.txt report is missing.

See you


Thanks.
I am no longer in front of their PC. I thought I had copied everything. Too bad.
Here is the Malwarebytes log, but the signatures were not up to date because it was impossible to connect...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/09/2010 21:22:46
mbam-log-2010-09-16 (21-22-46).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 149066
Temps écoulé: 34 minute(s), 44 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b03a4be6-5e5a-b9b3-483e-c484d4b20b72} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> No action taken.

17 September 2010 11:59:41

Re,

the MBAM report says No action taken
Run it again and remove everything it finds...

:sarcastic: 
17 September 2010 12:33:21

frederix said:
Re,

the MBAM report says No action taken
Run it again and remove everything it finds...

:sarcastic: 


OK.