Rootkit-Agent.CW virus problem: cannot be found

amandine84
Hello,
I have a problem.. I have a Rootkit-Agent.CW on my computer. I ran AVG, Spybot, Ad-Aware and Spyware Terminator and nothing works; AVG's resident shield keeps telling me that I have this rootkit in different locations...
I tried to start HijackThis and it no longer opens..
I'm out of solutions..
Could someone help me, please???

Thanks a lot!
Configuration: Windows XP Internet Explorer 7.0

13 replies

  1. gen-hackman
     
    hi

    ######## | XP _ Install & scan | #######

    Download and install UsbFix (by C_XX & Chiquitine29)

    Connect to your PC the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them

    # Double-click the UsbFix shortcut on your desktop.

    # Choose option 1 (Search)

    # Let the tool work.

    # Then post the UsbFix.txt report that appears.

    # Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    # Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility meant to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    1. amandine84

      ok, I'll try, I'll be back
      thanks :)
    2. amandine84

      here it is:

      ############################## [ UsbFix V3.017 # Scan ]

      # User : utilisateur (Administrateurs) # BMC
      # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 15:17:25 | 07/05/2009

      # Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.11
      # Windows Firewall Status : Enabled
      # AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 48,83 Go (18,92 Go free) # NTFS
      # D:\ # Disque fixe local # 48,83 Go (23,89 Go free) # NTFS
      # E:\ # Disque fixe local # 51,39 Go (759,06 Mo free) [BMC Communication] # NTFS
      # F:\ # Disque CD-ROM

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\JMRaidTool.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\SkyTel.EXE
      C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
      C:\WINDOWS\V0230Mon.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      HKCU_Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      HKCU_Main: "Start Page"="https://www.google.fr"
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="utilisateur"
      HKLM_logon: "AltDefaultUserName"="utilisateur"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: JMB36X Configure=C:\WINDOWS\system32\JMRaidTool.exe boot
      HKLM_Run: RTHDCPL=RTHDCPL.EXE
      HKLM_Run: SkyTel=SkyTel.EXE
      HKLM_Run: Alcmtr=ALCMTR.EXE
      HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      HKLM_Run: nwiz=nwiz.exe /install
      HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      HKLM_Run: Adobe Version Cue CS2="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
      HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
      HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: utilisateur=C:\Documents and Settings\utilisateur\utilisateur.exe /i

      ################## [ Informations ]


      ################## [ Fichiers # Dossiers infectieux ]

      Found ! "C:\Documents and Settings\utilisateur\RavMonLog"

      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll

      ################## [ Registre # Mountpoints2 ]

      HKCU\Software\Microsoft\....\MountPoints2\{2d8c7d31-a081-11db-9d34-001617d287c5}\Shell\Auto\command
      HKCU\Software\Microsoft\....\MountPoints2\{2d8c7d31-a081-11db-9d34-001617d287c5}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{41ba7482-7fbf-11db-b651-806d6172696f}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{bf11ef60-9350-11dc-9ca4-001617d287c5}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{ce098677-17ef-11dc-82f5-001617d287c5}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{ee4821be-fec3-11db-9d97-001617d287c5}\Shell\Auto\command
      HKCU\Software\Microsoft\....\MountPoints2\{ee4821be-fec3-11db-9d97-001617d287c5}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{fec1a976-a97d-11dd-9ccb-001617d287c5}\Shell\AutoRun\command

      ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
  2. gen-hackman

    do you have reports from the various previous scans? the most recent ones if possible, thanks
    1. amandine84

      like which scans? I mean from which software?
  3. gen-hackman

    ok:

    ######## | Removal | ########

    Connect to your PC the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them

    # Double-click the UsbFix shortcut on your desktop

    # Choose option 2 (Removal)

    # Your desktop will disappear and the PC will restart.

    # On restart, UsbFix will scan your PC; let the tool work.

    # Then post the UsbFix.txt report that appears along with the desktop.

    # Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    ######### | Uninstall | #######

    # Double-click the UsbFix shortcut on your desktop

    # Choose the Uninstall option ....

    never mind about the reports


    remove AD-Aware
    1. amandine84
       
      ############################## [ UsbFix V3.017 # Cleaning ]

      # User : utilisateur (Administrateurs) # BMC
      # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 15:31:10 | 07/05/2009

      # Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.11
      # Windows Firewall Status : Enabled
      # AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 48,83 Go (18,91 Go free) # NTFS
      # D:\ # Disque fixe local # 48,83 Go (23,89 Go free) # NTFS
      # E:\ # Disque fixe local # 51,39 Go (759,07 Mo free) [BMC Communication] # NTFS
      # F:\ # Disque CD-ROM
      # G:\ # Disque fixe local # 186,26 Go (30,06 Go free) [SAUVGARDES] # FAT32

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]

      (!) Not Deleted ! "C:\Documents and Settings\utilisateur\RavMonLog"

      ################## [ Registre # Clés Run infectieuses ]

      # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
      # HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
      # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll

      ################## [ Registre # Mountpoints2 ]

      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{2d8c7d31-a081-11db-9d34-001617d287c5}\Shell\Auto\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41ba7482-7fbf-11db-b651-806d6172696f}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bf11ef60-9350-11dc-9ca4-001617d287c5}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ce098677-17ef-11dc-82f5-001617d287c5}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ee4821be-fec3-11db-9d97-001617d287c5}\Shell\Auto\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fec1a976-a97d-11dd-9ccb-001617d287c5}\Shell\AutoRun\command

      ################## [ Listing des fichiers présent ]

      [29/11/2006 16:59|--a------|0] - C:\AUTOEXEC.BAT
      [28/08/2008 09:08|---hs----|212] - C:\boot.ini
      [02/03/2006 14:00|-rahs----|4952] - C:\Bootfont.bin
      [29/11/2006 16:59|--a------|0] - C:\CONFIG.SYS
      [29/11/2006 16:59|-rahs----|0] - C:\IO.SYS
      [02/11/2007 18:04|--a------|654852] - C:\master.pdf
      [29/11/2006 16:59|-rahs----|0] - C:\MSDOS.SYS
      [02/03/2006 14:00|-rahs----|47564] - C:\NTDETECT.COM
      [17/11/2008 10:09|-rahs----|252240] - C:\ntldr
      [?|?|?] - C:\pagefile.sys
      [08/01/2007 13:18|--a------|1684] - C:\temp.log
      [07/05/2009 15:32|--a------|8903] - C:\UsbFix.txt

      ################## [ Vaccination ]

      # C:\autorun.inf -> Folder created by UsbFix.
      # D:\autorun.inf -> Folder created by UsbFix.
      # E:\autorun.inf -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
    2. amandine84

      why remove Ad-Aware?
  4. gen-hackman

    ok, restart and run option 2 of UsbFix again
  6. gen-hackman

    AD-Aware no longer detects anything
    1. amandine84

      do I have to uninstall it?
  7. gen-hackman

    well, since it's useless..... why, did you pay for it?
    1. amandine84

      no, but well, sometimes it detects things for me.. let's say it doesn't bother me..
  8. gen-hackman

    ????? what does it detect ?? lol

    get Spybot instead, you'll see everything it detects for you compared to Ad-Aware
    1. amandine84

      yes I know.. lol.. I have it too, I'll work a bit longer on the computer and then restart to redo option 2..
  9. gen-hackman

    ok
    1. amandine84
       
      ############################## [ UsbFix V3.017 # Cleaning ]

      # User : utilisateur (Administrateurs) # BMC
      # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 17:41:12 | 07/05/2009

      # Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.11
      # Windows Firewall Status : Enabled
      # AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 48,83 Go (18,92 Go free) # NTFS
      # D:\ # Disque fixe local # 48,83 Go (23,89 Go free) # NTFS
      # E:\ # Disque fixe local # 51,39 Go (759,07 Mo free) [BMC Communication] # NTFS
      # F:\ # Disque CD-ROM
      # G:\ # Disque fixe local # 186,26 Go (3,87 Go free) [SAUVGARDES] # FAT32

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\WINDOWS\system32\wpv281241585709.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\system32\KB905474\wgasetup.exe
      C:\WINDOWS\system32\KB905474\wgasetup.exe
      C:\WINDOWS\Explorer.EXE

      ################## [ Fichiers # Dossiers infectieux ]

      (!) Not Deleted ! "C:\Documents and Settings\utilisateur\RavMonLog"

      ################## [ Registre # Clés Run infectieuses ]


      ################## [ Registre # Mountpoints2 ]

      # -> Not Found !

      ################## [ Listing des fichiers présent ]

      [29/11/2006 16:59|--a------|0] - C:\AUTOEXEC.BAT
      [28/08/2008 09:08|---hs----|212] - C:\boot.ini
      [02/03/2006 14:00|-rahs----|4952] - C:\Bootfont.bin
      [29/11/2006 16:59|--a------|0] - C:\CONFIG.SYS
      [29/11/2006 16:59|-rahs----|0] - C:\IO.SYS
      [02/11/2007 18:04|--a------|654852] - C:\master.pdf
      [29/11/2006 16:59|-rahs----|0] - C:\MSDOS.SYS
      [02/03/2006 14:00|-rahs----|47564] - C:\NTDETECT.COM
      [17/11/2008 10:09|-rahs----|252240] - C:\ntldr
      [?|?|?] - C:\pagefile.sys
      [08/01/2007 13:18|--a------|1684] - C:\temp.log
      [07/05/2009 17:42|--a------|3072] - C:\UsbFix.txt
      [11/06/2008 14:54|--ahs----|7168] - G:\Thumbs.db

      ################## [ Vaccination ]

      # C:\autorun.inf -> Folder created by UsbFix.
      # D:\autorun.inf -> Folder created by UsbFix.
      # E:\autorun.inf -> Folder created by UsbFix.
      # G:\autorun.inf -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
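Added example (not part of the thread and not UsbFix's own code): the reports above mark each flagged item with `Found !`, `Deleted !`, `(!) Not Deleted !` or `Reset sucessfully !`, so a short Python script can follow every item from the scan through both cleaning passes and list what is still present. The sample lines are abridged from the posted reports; the function names are this example's own.

```python
import re

# Constructed sample input: lines abridged from the three UsbFix V3.017
# reports posted in this thread (scan, first cleaning, second cleaning).
SCAN = r'''
############################## [ UsbFix V3.017 # Scan ]
################## [ Fichiers # Dossiers infectieux ]
Found ! "C:\Documents and Settings\utilisateur\RavMonLog"
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
'''
CLEAN_1 = r'''
############################## [ UsbFix V3.017 # Cleaning ]
################## [ Fichiers # Dossiers infectieux ]
(!) Not Deleted ! "C:\Documents and Settings\utilisateur\RavMonLog"
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
'''
CLEAN_2 = r'''
############################## [ UsbFix V3.017 # Cleaning ]
################## [ Fichiers # Dossiers infectieux ]
(!) Not Deleted ! "C:\Documents and Settings\utilisateur\RavMonLog"
################## [ Registre # Clés Run infectieuses ]
'''

SECTION = re.compile(r'^\s*#{6,}\s*\[\s*(.*?)\s*\]')
STATUS = re.compile(r'^\s*(\(!\) Not Deleted|Found|Deleted) !\s+(.*\S)')
REG_HDR = re.compile(r'^\s*#\s+(HK(?:LM|CU)\\.*\S)')
IFEO = 'image file execution options\\'


def norm(target):
    """Lower-case a path or key and drop quotes and doubled backslashes,
    so the same item compares equal across reports."""
    return re.sub(r'\\+', r'\\', target.replace('"', '')).lower()


def parse_report(text):
    """Return (mode, [(status, section, target), ...]) for one report."""
    mode, section, pending, items = None, None, None, []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            title = m.group(1)
            if mode is None and 'UsbFix' in title:
                mode = title.split('#')[-1].strip()   # "Scan" or "Cleaning"
            section, pending = title, None
            continue
        m = STATUS.match(line)
        if m:
            status = 'Not Deleted' if 'Not' in m.group(1) else m.group(1)
            items.append((status, section, norm(m.group(2))))
            continue
        m = REG_HDR.match(line)
        if m:
            # Cleaning mode prints the value name first, the result on the next line.
            pending = norm(m.group(1))
        elif pending and 'Reset sucessfully' in line:  # the tool's own spelling
            items.append(('Reset', section, pending))
            pending = None
    return mode, items


def reconcile(reports):
    """Map each flagged item to the last status any report gave it."""
    final = {}
    for text in reports:
        for status, _section, target in parse_report(text)[1]:
            final[target] = status
    return final


def residual(reports):
    """Items that were flagged and never reported as deleted or reset."""
    return sorted(t for t, s in reconcile(reports).items()
                  if s in ('Found', 'Not Deleted'))


def ifeo_targets(text):
    """Executable names with a flagged Image File Execution Options key."""
    return sorted(t.rsplit('\\', 1)[1]
                  for _status, _section, t in parse_report(text)[1] if IFEO in t)


if __name__ == '__main__':
    print('IFEO keys flagged in scan:', ifeo_targets(SCAN))
    print('Still present after cleaning:', residual([SCAN, CLEAN_1, CLEAN_2]))
```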
  10. gen-hackman

    Hi,

    start with this to see where things stand, get a precise diagnosis and so identify possible infections and neutralize them:

    Download and install the diagnostic software:

    here HijackThis
    or here HijackThis
    or here HijackThis

    1- Click the setup to launch the installation: follow the prompts and do not change the installation settings.
    At the end of the installation, the program starts automatically: close it by clicking the red cross.
    In the end, you should have a shortcut on your desktop and also a path like:
    "C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

    usage tutorial: (thanks balltrap34)
    Look here, it's perfectly explained with pictures,

    2- !! Disconnect and close all your running applications !!

    Click the desktop shortcut to launch the program:

    If it doesn't start, click here

    run a HijackThis scan by clicking: "Do a system scan and save a logfile"

    ---> copy and paste the generated report for analysis
  11. amandine84

    :D