Usbfix

Closed
Hadj - 13 May 2009 at 17:37
Anonymous user - 13 May 2009 at 17:41
Hello,
Here is the report I received after a scan with UsbFix. What should I do with it?

############################## [ UsbFix V3.018 # Scan ]

# User : Utilisateur (Administrateurs) # D610-FFHLM81
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 16:25:41 | 13/05/2009

# Intel(R) Pentium(R) M processor 1.86GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : F-Secure Client Security 7.12 7.12 [ Enabled | Updated ]
# FW : F-Secure Client Security 7.12[ (!) Disabled ]7.12

# C:\ # Local fixed disk # 55,89 Go (10,61 Go free) # NTFS
# D:\ # CD-ROM drive
# F:\ # Removable disk # 962,2 Mo (721,94 Mo free) # FAT

############################## [ Active processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe

################## [ Registry # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.freewebtown.com/alrefai/login.live.html"
HKCU_Main: "Window Title"=" .-~= Hacked by ( ProoHack )X =~-. "
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Utilisateur"
HKLM_logon: "AltDefaultUserName"="Utilisateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
HKLM_Run: igfxtray=C:\WINDOWS\System32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\System32\hkcmd.exe
HKLM_Run: igfxpers=C:\WINDOWS\System32\igfxpers.exe
HKLM_Run: ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKLM_Run: IntelZeroConfig="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
HKLM_Run: IntelWireless="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
HKLM_Run: DLA=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
HKLM_Run: ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM_Run: ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: Adobe Photo Downloader="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: F-Secure Manager="C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
HKLM_Run: F-Secure TNB="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
HKLM_Run: SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
HKLM_Run: regdiit=C:\WINDOWS\system32\win.exe
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: MediaDico=C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement

################## [ Information ]


################## [ Infected files # folders ]

Found ! C:\WINDOWS\system32\win.exe
Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! F:\winfile.jpg
Found ! F:\autorun.inf

################## [ Registry # Infected Run keys ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Found ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe
Found ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\MSConfig.exe
Found ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe

################## [ Registry # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{040f488c-ebd4-11dd-a36c-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0aa4aede-2460-11de-a3ee-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0aa4aede-2460-11de-a3ee-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{1ae0748c-155f-11de-a3c6-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{1ae0748c-155f-11de-a3c6-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{1e200ba1-3b97-11dd-a1bf-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f19-16fb-11dd-a123-0013ce2a6420}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f19-16fb-11dd-a123-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f19-16fb-11dd-a123-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f19-16fb-11dd-a123-0013ce2a6420}\Shell\find\Command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f19-16fb-11dd-a123-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{3d244f1a-16fb-11dd-a123-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{459e6ade-f521-11dd-a37e-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{459e6ade-f521-11dd-a37e-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{459e6ade-f521-11dd-a37e-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{59fb31ef-f790-11dd-a382-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{59fb31ef-f790-11dd-a382-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{5a56756e-34fd-11dd-a1a7-0013ce2a6420}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{5a56756e-34fd-11dd-a1a7-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5ee140bc-3ed6-11de-a431-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{626532ea-3e5c-11de-a42f-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{76940e7c-0a63-11dd-a10c-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{76940e7c-0a63-11dd-a10c-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{76940e7c-0a63-11dd-a10c-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{9b842f9c-9798-11dd-a297-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9b842f9c-9798-11dd-a297-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{9b842f9c-9798-11dd-a297-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{9c498af8-f6ca-11dd-a381-00123ff23b9e}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9ebeb966-ebd5-11dd-a36d-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9ebeb966-ebd5-11dd-a36d-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{9eeb2ab4-8bf9-11dd-a27e-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9eeb2ab4-8bf9-11dd-a27e-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{9eeb2ab4-8bf9-11dd-a27e-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{a8f444ec-187f-11de-a3d0-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{a8f444ec-187f-11de-a3d0-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{a8f444ec-187f-11de-a3d0-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ac630666-131d-11de-a3c2-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ac630666-131d-11de-a3c2-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{adea8f74-2211-11de-a3e9-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b6007562-a9c0-11dd-a2c9-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b6007562-a9c0-11dd-a2c9-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{b6007562-a9c0-11dd-a2c9-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{c7789f2a-be0d-11dd-a2f7-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c7789f2a-be0d-11dd-a2f7-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{c7789f2f-be0d-11dd-a2f7-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c7789f2f-be0d-11dd-a2f7-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{c96b9adb-9203-11dd-a28b-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d09bdce6-1c65-11de-a3dc-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d09bdce6-1c65-11de-a3dc-0013ce2a6420}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{d63c513c-09a9-11de-a3af-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d63c513c-09a9-11de-a3af-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d63c513c-09a9-11de-a3af-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{d877a4c6-836e-11dd-a26f-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d877a4c6-836e-11dd-a26f-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d877a4c6-836e-11dd-a26f-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{d9860532-a9b7-11dd-a2c8-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d9860532-a9b7-11dd-a2c8-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d9860532-a9b7-11dd-a2c8-0013ce2a6420}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ef7c2d58-f3ff-11dc-a0e0-0013ce2a6420}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{ef7c2d58-f3ff-11dc-a0e0-0013ce2a6420}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ef7c2d58-f3ff-11dc-a0e0-0013ce2a6420}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ef7c2d58-f3ff-11dc-a0e0-0013ce2a6420}\Shell\find\Command
HKCU\Software\Microsoft\....\MountPoints2\{ef7c2d58-f3ff-11dc-a0e0-0013ce2a6420}\Shell\open\Command

################## [ ! End of report # UsbFix V3.018 ! ]

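The report above lists what UsbFix found but not why each line matters. The script below is an added example for this thread, not part of the original post and not UsbFix's own code: it parses a constructed excerpt of the report above and explains each indicator (a Run key that hands a .jpg to wscript.exe with an explicit engine switch, a Run value named like ctfmon that launches something else, IFEO keys for Task Manager, regedit, msconfig and antivirus binaries, AntiVirusOverride set to 1, and autorun.inf at the root of C: and F:). The category names, the ADMIN_TOOLS and EXPECTED_BINARY lists and the SAMPLE_REPORT excerpt are the editor's assumptions. The same function can be run on the UsbFix.txt produced after the removal pass to confirm the indicators are gone.

```python
"""Triage a UsbFix scan report and say why each flagged line matters.
Added example for this thread, not UsbFix code: SAMPLE_REPORT is a constructed
excerpt of the report above and the rules are the editor's heuristics."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
EXPECTED_BINARY = {"ctfmon": "ctfmon.exe"}  # value names reused to look legitimate (assumed)
ADMIN_TOOLS = {"taskmgr.exe", "regedit.exe", "msconfig.exe", "procexp.exe",
               "rstrui.exe", "drwtsn32.exe", "autorun.exe"}  # repair tools worms block (assumed)

RUN_RE = re.compile(r"^(HK(?:LM|CU))_Run: (.+?)=(.*)$")
MAIN_RE = re.compile(r'^HKCU_Main: "([^"]+)"="(.*)"$')
FOUND_FILE_RE = re.compile(r"^Found ! ([A-Za-z]:\\.*)$")
IFEO_RE = re.compile(r"Image File Execution Options\\([^\\]+)$", re.I)
OVERRIDE_VALUE_RE = re.compile(r"Value = (0x[0-9a-fA-F]+)")

# Constructed excerpt of the report posted above (same lines, fewer of them).
SAMPLE_REPORT = r"""
HKCU_Main: "Start Page"="http://www.freewebtown.com/alrefai/login.live.html"
HKCU_Main: "Window Title"=" .-~= Hacked by ( ProoHack )X =~-. "
HKLM_Run: F-Secure Manager="C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
HKLM_Run: regdiit=C:\WINDOWS\system32\win.exe
HKLM_Run: CTFMON=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
Found ! C:\WINDOWS\system32\win.exe
Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! F:\winfile.jpg
Found ! F:\autorun.inf
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
"""


@dataclass
class Finding:
    category: str
    where: str
    why: str


def script_host_target(command: str) -> Optional[str]:
    """File that a wscript/cscript command line executes (None if no script host)."""
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(SCRIPT_HOSTS):
            args = [t for t in tokens[i + 1:] if not t.startswith("/")]
            return args[0] if args else None
    return None


def triage(report: str) -> List[Finding]:
    """Walk the report once and return the findings a responder should act on."""
    lines = [ln.strip() for ln in report.splitlines()]
    found_files = [m.group(1) for ln in lines if (m := FOUND_FILE_RE.match(ln))]
    out: List[Finding] = []
    for n, line in enumerate(lines):
        if (m := MAIN_RE.match(line)) and m.group(1) in ("Start Page", "Window Title"):
            out.append(Finding("ie-settings", f'HKCU_Main "{m.group(1)}"',
                               f"non-default value {m.group(2).strip()!r}; reset it after cleanup"))
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            where = f"{hive}\\Run\\{name}"
            target = script_host_target(cmd)
            if target and not target.lower().endswith(SCRIPT_EXTS):
                out.append(Finding("run-key-script-host", where, f"script host runs {target}; "
                                   "the /E: switch picks the engine, so the extension is cosmetic"))
            expected = EXPECTED_BINARY.get(re.sub(r"\.exe$", "", name.lower()))
            if expected and expected not in cmd.lower():
                out.append(Finding("run-key-name-spoofing", where,
                                   f"named like {expected} but launches {cmd}"))
            for f in found_files:  # correlate Run targets with the file scan
                if f.lower() in cmd.lower():
                    out.append(Finding("run-key-flagged-file", where,
                                       f"launches {f}, which the file scan also flagged"))
        elif m := IFEO_RE.search(line):
            exe = m.group(1)
            kind = "admin-tool" if exe.lower() in ADMIN_TOOLS else "security-product"
            out.append(Finding(f"ifeo-hijack-{kind}", exe, "a Debugger value under this key "
                               "redirects every launch; the report shows the key only, read the value first"))
        elif "AntiVirusOverride" in line and n + 1 < len(lines):
            v = OVERRIDE_VALUE_RE.search(lines[n + 1])
            if v and int(v.group(1), 16) != 0:
                out.append(Finding("security-center-override", "AntiVirusOverride",
                                   f"value {v.group(1)}: Security Center stays silent about disabled AV"))
    roots: Dict[str, List[str]] = {}  # autorun.inf at a drive root, plus its neighbours there
    for f in found_files:
        if "\\" not in f[3:]:
            roots.setdefault(f[:2].upper(), []).append(f[3:])
    for drive, names in sorted(roots.items()):
        if any(nm.lower() == "autorun.inf" for nm in names):
            others = [nm for nm in names if nm.lower() != "autorun.inf"]
            out.append(Finding("autorun-inf", drive + "\\", f"autorun.inf at the root with {others}; "
                               "AutoPlay launches it on any XP host with autorun enabled"))
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.where}: {f.why}")
```

Run as-is it prints twelve findings for the excerpt; to use it on a real report, read C:\UsbFix.txt into a string and pass it to `triage()`. The IFEO caveat is deliberate: UsbFix reports the presence of the key, not its Debugger value, and a few legitimate products also create IFEO entries, so the value is worth reading before the key is deleted.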
1 reply

Anonymous user
13 May 2009 at 17:41
Hi:


######## | Removal | ########

Plug into your PC the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them.

# Double-click the UsbFix shortcut on your desktop.

# Choose option 2 (Removal).

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


######### | Uninstall | #######


# Double-click the UsbFix shortcut on your desktop.

# Choose the Uninstall option...