Winjpg.jpg

MAKH -  
 momo22 -
Bonjour,

############################## [ UsbFix V3.017 # Scan ]

# User : Administrateur (Administrateurs) # A
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:31:22 | 06/05/2009

# Intel(R) Celeron(R) D CPU 3.06GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,53 Go (5,76 Go free) # NTFS
# D:\ # Disque fixe local # 54,99 Go (8,23 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 149,04 Go (115,48 Go free) # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main:
HKCU_Main: Console - Windows Trust 2.00
HKCU_Main: (c) 2007-2008
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon:
HKLM_logon: Console - Windows Trust 2.00
HKLM_logon: (c) 2007-2008
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run:
HKLM_Run: Console - Windows Trust 2.00
HKLM_Run: (c) 2007-2008
HKLM_Run: Vistadrv=C:\Program Files\VistaDriveStatus\vsdrv.exe
HKLM_Run: AVP="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: FixCamera=C:\WINDOWS\FixCamera.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: Athan=C:\Program Files\Athan\Athan.exe
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKLM_Run: regdiit=C:\WINDOWS\system32\winxp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run:
HKCU_Run: Console - Windows Trust 2.00
HKCU_Run: (c) 2007-2008
HKCU_Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: Google Update="C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

################## [ Informations ]

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\WINDOWS\system32\winxp.exe
Configuration: Windows XP
Firefox 3.0.10

3 réponses

  1. Utilisateur anonyme
     
    gras> (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir</gras>

    • Double clic sur le raccourci UsbFix présent sur ton bureau

    • choisis l'option 2 ( Suppression )

    • Ton bureau disparaitra et le pc redémarrera .

    • Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
    1. amel
       
      J'ai le meme problème
      voici le rapport
      ############################## | UsbFix 7.035 | [Recherche]

      Utilisateur: RAM Computer (Administrateur) # RAMCOMPUTER [ ]
      Mis à jour le 05/12/10 par El Desaparecido / C_XX
      Lancé à 11:13:28 | 15/12/2010
      Site Web: http://www.teamxscript.org
      Contact: eldesaparecido@teamxscript.org

      CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
      Internet Explorer 8.0.6001.18702

      Pare-feu Windows: Activé
      Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]
      RAM -> 511 Mo
      C:\ (%systemdrive%) -> Disque fixe # 39 Go (9 Go libre(s) - 23%) [winXP] # NTFS
      D:\ -> Disque fixe # 20 Go (14 Go libre(s) - 70%) [DONNEES] # NTFS
      E:\ -> Disque fixe # 18 Go (16 Go libre(s) - 91%) [DIVERS] # NTFS
      F:\ -> CD-ROM
      H:\ -> CD-ROM

      ################## | Éléments infectieux |


      Présent! C:\Documents and Settings\RAM Computer\Application Data\Bifrost
      Présent! C:\Program Files\System
      Présent! C:\DOCUME~1\RAMCOM~1\LOCALS~1\Temp\1.exe
      Présent! C:\DOCUME~1\RAMCOM~1\LOCALS~1\Temp\50comupd.exe
      Présent! C:\tmp

      ################## | Registre |

      Présent! HKLM\Software\Bifrost
      Présent! HKCU\Software\Bifrost
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwinxp.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
      Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
      Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose
      Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFileMenu
      Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
      Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CTFMON
      Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|regdiit

      ################## | Mountpoints2 |

      HKCU\.\.\.\.\Explorer\MountPoints2\{12068114-211f-11de-ba43-000d87e3ea50}
      Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vAuoCey.eXE

      HKCU\.\.\.\.\Explorer\MountPoints2\{7c9856f6-4b17-11df-9a0f-000d87e3ea50}
      Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

      HKCU\.\.\.\.\Explorer\MountPoints2\{b4cea7c8-b025-11df-9ac6-000d87e3ea50}
      Shell\AutoRun\Command = G:\AutoRun.exe

      HKCU\.\.\.\.\Explorer\MountPoints2\{b4cea7cb-b025-11df-9ac6-000d87e3ea50}
      Shell\AutoRun\Command = G:\AutoRun.exe

      HKCU\.\.\.\.\Explorer\MountPoints2\{b4cea7ce-b025-11df-9ac6-000d87e3ea50}
      Shell\AutoRun\Command = G:\AutoRun.exe

      HKCU\.\.\.\.\Explorer\MountPoints2\{b4cea7cf-b025-11df-9ac6-000d87e3ea50}
      Shell\AutoRun\Command = G:\AutoRun.exe


      ################## | Vaccin |

      (!) Cet ordinateur n'est pas vacciné!

      ################## | E.O.F |
      0
  2. mohamed
     
    salut je voudrais windows système32/script win jpg.jpg s'il vous plais
    0
  3. momo22
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:50:17, on 25/01/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    E:\WINDOWS\system32\notepad.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\UTI\Mes documents\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [EPSON_UD_START] "E:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
    O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKCU\..\Run: [swg] "E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Ajouter à l'Anti-bannière - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://E:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chu-sba.lc
    O17 - HKLM\Software\..\Telephony: DomainName = chu-sba.lc
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7037D527-B5B0-4C6A-896C-D967BDC2D35E}: NameServer = 172.16.75.5
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chu-sba.lc
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chu-sba.lc
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,E:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - E:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - E:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - E:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    0