Virus that copies and hides my files.

Solved/Closed
kendaking - 17 April 2009 at 23:30
Anonymous user - 18 April 2009 at 12:47
Hello,
I have a rather strange virus that installs itself on every USB stick I plug into my computer. It hides all the files (via their properties) and creates an executable file with the same name but with a folder icon, and when I double-click it, it opens the folder (as if it were a shortcut). I suspect it's an autorun.inf, because it has modified the context menu of the USB sticks.
Please help me, I don't know much about computers.
P.S.: I'm on XP SP2 (if that helps).
Thanks in advance
15 replies

Anonymous user
17 April 2009 at 23:39
Hi,

Download random's system information tool (RSIT) and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt
kendaking
18 April 2009 at 00:07
Hi, and thanks for replying so quickly,
here is the RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daking at 2009-04-18 01:03:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (2%) free of 100 GB
Total RAM: 502 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:28 AM, on 4/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Daking\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\system32\D5CBFF\94416E.EXE
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\1DDCF0\PV-D071.EXE
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daking\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Daking.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Daking\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: 94416E.lnk = C:\WINDOWS\system32\D5CBFF\94416E.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC39020-ED74-4229-8530-44DA1EA08944}: NameServer = 196.44.250.214 196.44.250.215
O17 - HKLM\System\CS3\Services\Tcpip\..\{3EC39020-ED74-4229-8530-44DA1EA08944}: NameServer = 196.44.250.214 196.44.250.215
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9b082e721301e) (gupdate1c9b082e721301e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Anonymous user
18 April 2009 at 00:10
Download and install UsbFix

Plug the external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Search)

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

# Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
kendaking
18 April 2009 at 00:20
here it is:


############################## [ UsbFix V3.008 ]

# User : Daking (Administrators) # ACER-E692717CC7
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 1:18:21 AM | 4/18/2009

# Genuine Intel(R) CPU T1350 @ 1.86GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# C:\ # Local Fixed Disk # 97.63 Go (1.58 Go free) [ACER] # FAT32
# D:\ # CD-ROM Disc
# E:\ # CD-ROM Disc # 8.22 Mo (0 Mo free) [Mobile Partner] # CDFS
# F:\ # Local Fixed Disk # 232.83 Go (226.42 Go free) [My Passport] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Daking\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\system32\D5CBFF\94416E.EXE
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\1DDCF0\PV-D071.EXE
C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://en.us.acer.yahoo.com"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Daking"
HKLM_logon: "AltDefaultUserName"="Daking"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: FlashGet="C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Google Update="C:\Documents and Settings\Daking\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM_Run: LaunchApp=Alaunch
HKLM_Run: AGRSMMSG=AGRSMMSG.exe
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: SkyTel=SkyTel.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM_Run: ntiMUI=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
HKLM_Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
HKLM_Run: Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
HKLM_Run: Boot=C:\Acer\Empowering Technology\ePower\Boot.exe
HKLM_Run: LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
HKLM_Run: eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
HKLM_Run: LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
HKLM_Run: LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
HKLM_Run: Gigaget="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
HKLM_Run: FlashGet="C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

################## [ Informations ]

# Contenu de l'autorun E:\autorun.inf
[AutoRun]
open=AutoRun.exe
icon=AutoRun.ico


# Contenu de l'autorun F:\autorun.inf
[AutoRun]
open=Recycled.exe
shell\1=打开(&O)
shell\1\Command=Recycled.exe
shell\2\=浏览(&B)
shell\2\Command=Recycled.exe
shellexecute=Recycled.exe


# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! E:\autorun.exe
Found ! E:\autorun.inf
Found ! F:\autorun.exe
Found ! F:\Recycled.exe
Found ! F:\Setup.exe
Found ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{1b811c6a-13b2-11de-b0ca-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{29659634-1176-11de-b0c9-0018de474b3b}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{29659634-1176-11de-b0c9-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{745c7436-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{745c7436-040a-11de-b0b3-0018de474b3b}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{745c7437-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{745c7438-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{745c7439-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{745c743a-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9497a266-0a40-11de-b0c3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9497a267-0a40-11de-b0c3-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ca32592c-28f2-11de-b0e1-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ca32592d-28f2-11de-b0e1-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ca32592e-28f2-11de-b0e1-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ca32592e-28f2-11de-b0e1-0018de474b3b}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ecdc3b98-0d66-11de-b0c6-0018de474b3b}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.008 ! ]

Later
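The two autorun.inf bodies in the report above show the mechanism the original poster guessed at. The F: file does not only set open= and shellexecute= so the payload runs when the drive is opened; it also defines shell\1 and shell\2 verbs (labelled 打开 "Open" and 浏览 "Browse" once the GBK-as-Latin-1 mojibake is decoded) whose command is Recycled.exe, which is why the stick's context menu changed. The E: file belongs to the Mobile Partner modem's virtual CD and uses open= legitimately, so a useful check has to grade rather than just flag. The script below is an added example, not part of UsbFix, RSIT or anything the helper posted: it parses an autorun.inf and grades it, and walks a drive root for the <name>.exe-beside-folder-<name> decoys described in the first post. The MASQUERADE_NAMES list and the demo drive layout are assumptions constructed for the example.

```python
"""Added triage script for the USB autorun worm discussed in this thread
(not part of UsbFix or RSIT). Runs offline on constructed input:
  1. parse an autorun.inf and grade the keys such worms use (open=,
     shellexecute=, shell\\<verb>\\command=), the way the F: file
     rewired the drive's context menu;
  2. walk a drive root for "folder twins", a <name>.exe beside a
     directory <name>, the folder-icon decoy from the first post.
"""
import os
import re
import tempfile

EXEC_KEYS = {"open", "shellexecute"}          # run when the drive is opened
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$")
SHELL_VERB_RE = re.compile(r"^shell\\([^\\]+)$")
# Payload names that mimic legitimate volume furniture ("Recycled" is the
# recycle-bin directory on FAT32). Assumed list for this example.
MASQUERADE_NAMES = {"recycled.exe"}

# The two autorun.inf bodies from the UsbFix report (F: labels decoded
# from GBK: 打开 = Open, 浏览 = Browse).
E_AUTORUN = "[AutoRun]\nopen=AutoRun.exe\nicon=AutoRun.ico\n"
F_AUTORUN = (
    "[AutoRun]\n"
    "open=Recycled.exe\n"
    "shell\\1=打开(&O)\n"
    "shell\\1\\Command=Recycled.exe\n"
    "shell\\2\\=浏览(&B)\n"
    "shell\\2\\Command=Recycled.exe\n"
    "shellexecute=Recycled.exe\n"
)


def parse_autorun(text):
    """Lower-cased (key, value) pairs from the [AutoRun] section.

    Hand-rolled: worm-written files use keys like 'shell\\2\\' (trailing
    backslash) that configparser would not handle as intended.
    """
    in_section, pairs = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.strip("[]").lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower().rstrip("\\"), value.strip()))
    return pairs


def assess_autorun(text):
    """Grade an autorun.inf clean / suspicious / malicious, with reasons."""
    launch, verb_cmd, verb_label = {}, {}, {}
    for key, value in parse_autorun(text):
        if key in EXEC_KEYS:
            launch[key] = value
        elif SHELL_CMD_RE.match(key):
            verb_cmd[SHELL_CMD_RE.match(key).group(1)] = value
        elif SHELL_VERB_RE.match(key):
            verb_label[SHELL_VERB_RE.match(key).group(1)] = value
    targets = sorted(set(launch.values()) | set(verb_cmd.values()))
    masquerade = [t for t in targets if t.lower() in MASQUERADE_NAMES]
    reasons = []
    if launch:            # vendor CDs (like the E: modem image) do this too
        reasons.append("runs on open: " + ", ".join(f"{k}={v}" for k, v in sorted(launch.items())))
    if verb_cmd:          # Open/Browse rewired to the payload: worm behaviour
        reasons.append("context-menu verbs rewired: " + ", ".join(f"{v}->{c}" for v, c in sorted(verb_cmd.items())))
    if masquerade:
        reasons.append("payload mimics a system folder name: " + ", ".join(masquerade))
    verdict = "malicious" if (verb_cmd or masquerade) else ("suspicious" if launch else "clean")
    return {"verdict": verdict, "targets": targets, "verbs": verb_cmd,
            "labels": verb_label, "reasons": reasons}


def find_folder_twins(root):
    """Relative paths of <name>.exe files sitting beside a directory <name>.

    Only the name collision is checked; on Windows also confirm the
    directory carries the hidden/system attributes the poster saw.
    """
    twins = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirs = {d.lower() for d in dirnames}
        for f in filenames:
            stem, ext = os.path.splitext(f)
            if ext.lower() == ".exe" and stem.lower() in dirs:
                twins.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(twins)


def build_demo_drive():
    """Constructed throwaway tree shaped like an infected stick (sample data)."""
    root = tempfile.mkdtemp(prefix="usbdemo_")
    for name in ("Photos", "Docs", "Music"):
        os.mkdir(os.path.join(root, name))
    for name in ("Photos.exe", "Docs.exe", "report.exe", "notes.txt"):
        open(os.path.join(root, name), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
        fh.write(F_AUTORUN)
    return root


if __name__ == "__main__":
    for label, body in (("E:", E_AUTORUN), ("F:", F_AUTORUN)):
        r = assess_autorun(body)
        print(f"{label} autorun.inf -> {r['verdict']}: {'; '.join(r['reasons'])}")
    print("folder twins on demo drive:", find_folder_twins(build_demo_drive()))
```

On a real stick, point find_folder_twins() at the drive root and feed assess_autorun() the contents of its autorun.inf; the E: image grades only "suspicious" because open= alone is what every vendor CD does, while the F: file is "malicious" on the rewired verbs alone. Note that the poster's later remark that the USB modem "would no longer open its autorun" is the expected side effect of removing or blocking that mechanism, not a sign of a second infection.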

Anonymous user
18 April 2009 at 00:22
Plug the external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 (Removal)

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
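The MountPoints2 lines in the first UsbFix report are the other half of the problem. Explorer caches each volume's autorun.inf verbs under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{volume GUID}\Shell\<verb>\command, so even after the files are deleted from the stick the cached command can still be offered on the drive's context menu until those keys are removed, which is what the option 2 run does. The script below is an added example, not part of UsbFix: it parses a `reg export` dump of that key, picks out the cached AutoRun/open/explore commands per volume, and builds the reg.exe lines that drop the Shell subtree of each affected volume. The .reg dump is constructed for the example (the report lists only the key paths, never their values), including the `_LabelFromReg` entry used as a non-hit.

```python
"""Added helper (not part of UsbFix): find stale per-user AutoRun commands
cached under MountPoints2 from a `reg export` dump, and emit the reg.exe
lines that remove the rewired Shell subtree for each volume.
"""
import re

MP2 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"$')
CMD_RE = re.compile(
    r"MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command$",
    re.IGNORECASE,
)

# Constructed .reg dump using two GUIDs from the report; the values are
# sample data, the page shows only the key paths.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b811c6a-13b2-11de-b0ca-0018de474b3b}]
"_LabelFromReg"="Mobile Partner"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}]
"_LabelFromReg"="My Passport"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\AutoRun\command]
@="F:\\Recycled.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\open\Command]
@="F:\\Recycled.exe"
'''


def unescape(value):
    """Undo .reg string escaping (\\" and \\\\)."""
    return value.replace(r'\"', '"').replace("\\\\", "\\")


def default_values(reg_text):
    """Map each key in a .reg dump to its (Default) string value, if any."""
    current, out = None, {}
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            out[current] = unescape(m.group("val"))
    return out


def rewired_volumes(reg_text):
    """Return {volume_guid: {verb: command}} for cached autorun shell verbs."""
    hits = {}
    for key, cmd in default_values(reg_text).items():
        m = CMD_RE.search(key)
        if m:
            hits.setdefault(m.group("guid").lower(), {})[m.group("verb").lower()] = cmd
    return hits


def cleanup_commands(hits):
    """reg.exe lines that drop the cached Shell subtree of each hit volume."""
    hive = MP2.replace("HKEY_CURRENT_USER", "HKCU")
    return [f'reg delete "{hive}\\{guid}\\Shell" /f' for guid in sorted(hits)]


if __name__ == "__main__":
    found = rewired_volumes(SAMPLE_EXPORT)
    for guid, verbs in found.items():
        print(guid, verbs)
    print("\n".join(cleanup_commands(found)))
```

To use it on a live XP machine, run `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" mp2.reg`, read the file with encoding="utf-16" (reg export writes UTF-16LE), and pass the text to rewired_volumes(). Deleting the whole Shell subtree is broader than UsbFix's per-value deletion, which is fine because Explorer rebuilds it from the drive's autorun.inf on the next insert; that is also why the stick itself has to be cleaned first, or the cache just comes back.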
kendaking
18 April 2009 at 00:57
here it is, sorry for the delay, my USB modem (who knows whether it's a coincidence) wouldn't open its autorun any more.

log:


############################## [ UsbFix V3.008 ]

# User : Daking (Administrators) # ACER-E692717CC7
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 1:35:05 AM | 4/18/2009

# Genuine Intel(R) CPU T1350 @ 1.86GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# C:\ # Local Fixed Disk # 97.63 Go (1.58 Go free) [ACER] # FAT32
# D:\ # CD-ROM Disc
# F:\ # Local Fixed Disk # 232.83 Go (226.42 Go free) [My Passport] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Infectious files # folders ]

Deleted ! F:\autorun.exe
Deleted ! F:\Recycled.exe
Deleted ! F:\Setup.exe
Deleted ! F:\"autorun.inf"

################## [ Registry # infectious Run keys ]

# -> Not Found !

################## [ Registry # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1b811c6a-13b2-11de-b0ca-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{29659633-1176-11de-b0c9-0018de474b3b}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{29659634-1176-11de-b0c9-0018de474b3b}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{29659634-1176-11de-b0c9-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c7436-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c7436-040a-11de-b0b3-0018de474b3b}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c7437-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c7438-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c7439-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{745c743a-040a-11de-b0b3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{9497a266-0a40-11de-b0c3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{9497a267-0a40-11de-b0c3-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ca32592d-28f2-11de-b0e1-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ca32592e-28f2-11de-b0e1-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ca32592e-28f2-11de-b0e1-0018de474b3b}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{cacb5d4a-0582-11de-b0b8-0018de474b3b}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ecdc3b98-0d66-11de-b0c6-0018de474b3b}\Shell\AutoRun\command

################## [ Listing of files present ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
F:\JSTART.exe
F:\WDSetup.exe
F:\WDSync.exe
F:\WD_Windows_Tools.exe
F:\Documentation.exe
F:\WD Sync Data.exe
F:\System Volume Information.exe
F:\Install.ini

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ ! End of report # UsbFix V3.008 ! ]
0
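The behaviour kendaking describes (every folder on the stick set hidden, a same-named .exe with a folder icon dropped beside it, an autorun.inf that launches the worm when the drive is opened) and the "vaccination" UsbFix reports above (an autorun.inf folder created on each drive), as an added Python example that is not part of this thread and is not UsbFix's own code. The fake drive it builds in a temp directory is constructed here; its file names echo the ones in the UsbFix log (autorun.exe, Recycled.exe, Setup.exe, and folder twins like the F:\System Volume Information.exe in the listing), but the contents are placeholders, not malware. The hidden attribute is not modelled because it only exists on Windows volumes.

```python
import pathlib
import re
import tempfile

# [autorun] directives that launch something when the drive is opened or double-clicked.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.IGNORECASE
)


def parse_autorun(text):
    """Return (key, target) pairs from the [autorun] section of an autorun.inf.

    Keys are lower-cased; other sections, blank lines and comments are ignored.
    """
    directives = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun":
            continue
        m = LAUNCH_KEY.match(line)
        if m:
            directives.append((m.group(1).lower(), m.group(2)))
    return directives


def find_folder_twins(root):
    """Names of .exe files at the root that share a name with a sibling folder.

    That is the worm's trick: hide the real folder, drop Folder.exe with a folder icon.
    """
    root = pathlib.Path(root)
    folders = {p.name.lower() for p in root.iterdir() if p.is_dir()}
    return sorted(
        p.name for p in root.iterdir()
        if p.is_file() and p.suffix.lower() == ".exe" and p.stem.lower() in folders
    )


def analyse(root):
    """Summarise the indicators found on a drive root."""
    root = pathlib.Path(root)
    inf = root / "autorun.inf"
    directives = parse_autorun(inf.read_text(errors="replace")) if inf.is_file() else []
    return {"autorun": directives, "twins": find_folder_twins(root)}


def vaccinate(root):
    """Replace an autorun.inf file with a directory of that name (UsbFix-style).

    A directory occupying the name stops a naive worm from writing its own
    autorun.inf; a worm that deletes the directory first is not stopped.
    Returns True when the directory is in place.
    """
    target = pathlib.Path(root) / "autorun.inf"
    if target.is_file():
        target.unlink()
    target.mkdir(exist_ok=True)
    return target.is_dir()


# Constructed sample autorun.inf (assumption: typical launcher lines, not copied from the thread).
SAMPLE_AUTORUN = """[autorun]
; launcher lines the worm uses to start itself when the drive is opened
open=Recycled.exe
shellexecute=Setup.exe
shell\\Auto\\command=autorun.exe
shell\\open\\Command=autorun.exe
icon=autorun.exe
"""


def build_demo_drive():
    """Create a fake removable-drive root in a temp directory and return its path."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="fake_usb_"))
    for name in ("Documents", "Photos"):
        (root / name).mkdir()                                   # the real folder
        (root / f"{name}.exe").write_bytes(b"MZ placeholder")   # the impersonating twin
    (root / "WDSetup.exe").write_bytes(b"MZ placeholder")       # legitimate: no twin folder
    for name in ("autorun.exe", "Recycled.exe", "Setup.exe"):
        (root / name).write_bytes(b"MZ placeholder")
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
    return root


if __name__ == "__main__":
    drive = build_demo_drive()
    print("before:", analyse(drive))
    print("vaccinated:", vaccinate(drive))
    print("after:", analyse(drive))
```

On a real Windows drive the same checks run unchanged against `X:\`; the hidden folders themselves are restored with `attrib -h -s /s /d X:\*` once the twins are gone. The autorun.inf folder is a deterrent for the stick; the host-side fix is disabling AutoRun in Explorer (the `NoDriveTypeAutoRun` policy value), which is what stops the MountPoints2 `Shell\AutoRun\command` entries in the log from being honoured in the first place.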
Anonymous user
18 April 2009 at 01:05
Plug the external data sources that may have been infected (USB key, external hard drive, etc.) into your PC, without opening them.


# Copy the bold text below:


E:\Recycle\P-1-3-64-8794238531-8742492-9897532\Furio.exe
E:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
E:\RECYCLER\S-1-6-21-2438476501-1644491937-701003331-1213\WinMgmt.exe



# Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name UsbScript.txt

# Now drag the UsbScript.txt file onto the UsbFix shortcut on your desktop, like this

# That will relaunch UsbFix.

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: the UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)



0
kendaking
18 April 2009 at 01:10
I did as instructed, but when UsbFix opens there is the menu asking me to make a choice. Which one do I pick?
0
Anonymous user
18 April 2009 at 01:17
Did you rename the document like this: usbscript? The .txt gets added by itself...
0
kendaking
18 April 2009 at 11:03
Yes, yes, that's what I did. But it still asks me to choose an action. Is there something to change in its "attributes"? It is set to "archive".
0
Anonymous user
18 April 2009 at 11:18
Not a problem,

plug in drive E:

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:



:processes
explorer.exe


:files
E:\Recycle\P-1-3-64-8794238531-8742492-9897532\Furio.exe
E:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
E:\RECYCLER\S-1-6-21-2438476501-1644491937-701003331-1213\WinMgmt.exe


:commands
[emptytemp]
[start explorer]



---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
0
kendaking
18 April 2009 at 11:32
The problem is that drive E: is my USB modem (internet key).
Is that really the procedure to follow?
0
Anonymous user
18 April 2009 at 11:34
It's infected... you can do the procedure.
0
kendaking
18 April 2009 at 11:58
Here it is,

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder E:\Recycle\P-1-3-64-8794238531-8742492-9897532\Furio.exe not found.
File/Folder E:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Ri sinG.exe not found.
File/Folder E:\RECYCLER\S-1-6-21-2438476501-1644491937-701003331-1213\Wi nMgmt.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\e4j4D.tmp_dir18258\exe4jlib.jar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8C41GA24\st[2] scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CVKTM3GR\CAY3M3MH.htm scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\krnln.fnr scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\HtmlView.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\internet.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\spec.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\eAPI.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\shell.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\dp1.fne scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\~DFDC16.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\etilqs_VLm9RJzaPTAhrpX scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\Perflib_Perfdata_f34.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\~DFDD93.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\~DF23A0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\etilqs_ooYrx25649CVqEj scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Daking\LOCALS~1\Temp\TMP62.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Daking\Local Settings\Temporary Internet Files\Content.IE5\8LEJGPUN\c[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Daking\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_140.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b38.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_124105

Files moved on Reboot...
C:\DOCUME~1\Daking\LOCALS~1\Temp\e4j4D.tmp_dir18258\exe4jlib.jar moved successfully.
File C:\DOCUME~1\Daking\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8C41GA24\st[2] not found!
File C:\DOCUME~1\Daking\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CVKTM3GR\CAY3M3MH.htm not found!
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\krnln.fnr moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\HtmlView.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\internet.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\spec.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\eAPI.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\shell.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\E_N4\dp1.fne moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\RtkBtMnt.exe moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-win32-3448.dll
C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-gdip-win32-3448.dll
C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Daking\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
C:\DOCUME~1\Daking\LOCALS~1\Temp\~DFDC16.tmp moved successfully.
File C:\DOCUME~1\Daking\LOCALS~1\Temp\etilqs_VLm9RJzaPTAhrpX not found!
File C:\DOCUME~1\Daking\LOCALS~1\Temp\Perflib_Perfdata_f34.dat not found!
C:\DOCUME~1\Daking\LOCALS~1\Temp\~DFDD93.tmp moved successfully.
File C:\DOCUME~1\Daking\LOCALS~1\Temp\~DF23A0.tmp not found!
File C:\DOCUME~1\Daking\LOCALS~1\Temp\etilqs_ooYrx25649CVqEj not found!
C:\DOCUME~1\Daking\LOCALS~1\Temp\TMP62.tmp moved successfully.
C:\Documents and Settings\Daking\Local Settings\Temporary Internet Files\Content.IE5\8LEJGPUN\c[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_140.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_b38.dat moved successfully.
0
Anonymous user
18 April 2009 at 12:04
OK, still having problems?
0
kendaking
18 April 2009 at 12:14
Yahooooooo, thank you so much, it worked.
So should I follow these steps if it happens again???
Thanks, and see you again maybe.
0
Anonymous user
18 April 2009 at 12:15
There you are protected by UsbFix's vaccination,

Download ToolsCleaner to your desktop.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche (Search) and let the scan run...
# Click Suppression (Delete) to finish.
# You can, if you wish, use the optional Options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt) located at the root of your hard drive (C:\).


0
kendaking
18 April 2009 at 12:39
The log:

[ ToolsCleaner report, version 2.3.5 (by A.Rothstein & dj QUIOU) ]

--> Search:

C:\_OtMoveIt: found!
C:\UsbFix: found!
C:\Rsit: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: found!
C:\Documents and Settings\Daking\Start Menu\Programs\UsbFix: found!
C:\Documents and Settings\Daking\Start Menu\Programs\UsbFix\UsbFix.lnk: found!
C:\Documents and Settings\Daking\Recent\UsbFix.lnk: found!
C:\Documents and Settings\Daking\My Documents\Downloads\HJTInstall.exe: found!
C:\Documents and Settings\Daking\My Documents\Downloads\UsbFix.exe: found!
C:\Documents and Settings\Daking\Desktop\HijackThis.lnk: found!
C:\Documents and Settings\Daking\Desktop\UsbFix.lnk: found!
C:\Documents and Settings\Daking\Desktop\OTMoveIt3.exe: found!
C:\Documents and Settings\Daking\Desktop\Rsit.exe: found!
C:\Program Files\trend micro\HijackThis: found!
C:\Program Files\trend micro\HijackThis\HijackThis.exe: found!
C:\Program Files\trend micro\HijackThis\hijackthis.log: found!

---------------------------------
--> Deletion:

C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: deleted!
C:\Documents and Settings\Daking\My Documents\Downloads\HJTInstall.exe: deleted!
C:\Documents and Settings\Daking\Desktop\HijackThis.lnk: deleted!
C:\Program Files\trend micro\HijackThis\HijackThis.exe: deleted!
C:\Documents and Settings\Daking\Start Menu\Programs\UsbFix\UsbFix.lnk: deleted!
C:\Documents and Settings\Daking\Recent\UsbFix.lnk: deleted!
C:\Documents and Settings\Daking\My Documents\Downloads\UsbFix.exe: deleted!
C:\Documents and Settings\Daking\Desktop\UsbFix.lnk: deleted!
C:\Documents and Settings\Daking\Desktop\OTMoveIt3.exe: deleted!
C:\Documents and Settings\Daking\Desktop\Rsit.exe: deleted!
C:\Program Files\trend micro\HijackThis\hijackthis.log: deleted!
C:\_OtMoveIt: deleted!
C:\UsbFix: deleted!
C:\Rsit: deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: deleted!
C:\Documents and Settings\Daking\Start Menu\Programs\UsbFix: deleted!
C:\Program Files\trend micro\HijackThis: deleted!
0
Anonymous user
18 April 2009 at 12:43
OK, have a good weekend ;)
0
kendaking
18 April 2009 at 12:45
Thanks again, Chiquitine29,
Have a good weekend.
0
Anonymous user
18 April 2009 at 12:47
You're welcome

0