Ld08.exe et Norton qui refuse d'analyser ...
Fermé
CK9
-
19 mai 2009 à 21:00
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 4 juin 2009 à 03:25
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 4 juin 2009 à 03:25
A voir également:
- Ld08.exe et Norton qui refuse d'analyser ...
- Svchost exe - Guide
- .Exe - Télécharger - Divers Utilitaires
- Comment supprimer un fichier qui refuse d'être supprimé - Guide
- Norton gratuit - Télécharger - Antivirus & Antimalwares
- Frst64.exe - Télécharger - Sécurité
15 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 21:07
19 mai 2009 à 21:07
Bonjour,
Ton PC est infecté.
--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
Ton PC est infecté.
--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
--> Clique sur Continue à l'écran Disclaimer.
--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 21:18
19 mai 2009 à 21:18
--> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Choisis l'option 1 (Recherche).
--> Laisse travailler l'outil.
--> Poste le rapport UsbFix.txt.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Choisis l'option 1 (Recherche).
--> Laisse travailler l'outil.
--> Poste le rapport UsbFix.txt.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Ha et oui, j'ai oublié de précisé que j'ai eu hier un petit problème avec la clé USB d'un pote (les dossiers devenaient cachés et de faux executables avec le même nom et une icone de dossier prenait leur place), problème qui s'est par la suite transféré à ma PSP !
J'ai lu quelques trucs sur le net et j'ai un peu bidouillé avec ce que j'ai lu (j'avais lancé Flash Disinfector ainsi qu'un VaccinUSB.exe), j'espère que ça va pas poser de problèmes :/
Voici le rapport USBfix :
############################## [ UsbFix V3.022 # Scan ]
# User : Oliv (Administrateurs) # Olivier
# Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:28:15 | 19/05/2009
# AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Norton Internet Security 2007 [ Enabled | Updated ]
# FW : Norton Internet Security[ Enabled ]2007
# C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
# D:\ # Disque fixe local # 260,28 Go (113,35 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\008157\FFE17D.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\173DE6\V5-46EF1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Oliv"
HKLM_logon: "AltDefaultUserName"="Oliv"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
HKLM_Run: Vade Retro Outlook Express="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
HKLM_Run: DetectorApp=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
HKLM_Run: ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM_Run: ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKLM_Run: OmniPass=C:\Apps\Softex\OmniPass\scureapp.exe
HKLM_Run: PCMService="c:\APPS\Powercinema\PCMService.exe"
HKLM_Run: ACTIVBOARD=c:\apps\ABoard\ABoard.exe
HKLM_Run: WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
HKLM_Run: WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
HKLM_Run: Norton Save and Restore="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
HKLM_Run: osCheck="C:\Program Files\Norton Internet Security\osCheck.exe"
HKLM_Run: RealTray=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKLM_Run: Symantec PIF AlertEng="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
HKLM_Run: WinampAgent="C:\Program Files\Winamp\winampa.exe"
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: FFE17D=C:\WINDOWS\system32\008157\FFE17D.EXE
HKLM_Run: sysldtray=C:\windows\ld08.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: SmpcSys=C:\APPS\SMP\SmpSys.exe
HKCU_Run: WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
HKCU_Run: updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
HKCU_Explo: "NoDriveAutoRun"=hex:ff,ff,ff,ff
HKCU_Explo: "NoDriveTypeAutoRun"=dword:00000024
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\ld08.exe
Found ! C:\copy.exe
Found ! C:\RavMon.exe
Found ! D:\copy.exe
Found ! D:\RavMon.exe
Found ! J:\copy.exe
Found ! J:\RavMon.exe
Found ! J:\Recycle.exe
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command
################## [ ! Fin du rapport # UsbFix V3.022 ! ]
J'ai lu quelques trucs sur le net et j'ai un peu bidouillé avec ce que j'ai lu (j'avais lancé Flash Disinfector ainsi qu'un VaccinUSB.exe), j'espère que ça va pas poser de problèmes :/
Voici le rapport USBfix :
############################## [ UsbFix V3.022 # Scan ]
# User : Oliv (Administrateurs) # Olivier
# Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:28:15 | 19/05/2009
# AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Norton Internet Security 2007 [ Enabled | Updated ]
# FW : Norton Internet Security[ Enabled ]2007
# C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
# D:\ # Disque fixe local # 260,28 Go (113,35 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\008157\FFE17D.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\173DE6\V5-46EF1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Oliv"
HKLM_logon: "AltDefaultUserName"="Oliv"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
HKLM_Run: Vade Retro Outlook Express="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
HKLM_Run: DetectorApp=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
HKLM_Run: ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM_Run: ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKLM_Run: OmniPass=C:\Apps\Softex\OmniPass\scureapp.exe
HKLM_Run: PCMService="c:\APPS\Powercinema\PCMService.exe"
HKLM_Run: ACTIVBOARD=c:\apps\ABoard\ABoard.exe
HKLM_Run: WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
HKLM_Run: WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
HKLM_Run: Norton Save and Restore="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
HKLM_Run: osCheck="C:\Program Files\Norton Internet Security\osCheck.exe"
HKLM_Run: RealTray=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKLM_Run: Symantec PIF AlertEng="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
HKLM_Run: WinampAgent="C:\Program Files\Winamp\winampa.exe"
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: FFE17D=C:\WINDOWS\system32\008157\FFE17D.EXE
HKLM_Run: sysldtray=C:\windows\ld08.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: SmpcSys=C:\APPS\SMP\SmpSys.exe
HKCU_Run: WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
HKCU_Run: updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
HKCU_Explo: "NoDriveAutoRun"=hex:ff,ff,ff,ff
HKCU_Explo: "NoDriveTypeAutoRun"=dword:00000024
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\ld08.exe
Found ! C:\copy.exe
Found ! C:\RavMon.exe
Found ! D:\copy.exe
Found ! D:\RavMon.exe
Found ! J:\copy.exe
Found ! J:\RavMon.exe
Found ! J:\Recycle.exe
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command
################## [ ! Fin du rapport # UsbFix V3.022 ! ]
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 21:42
19 mai 2009 à 21:42
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix présent sur ton Bureau.
--> Choisis l'option 2 (Suppression).
--> Ton Bureau disparaîtra et le PC redémarrera.
--> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.
--> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
--> Double-clique sur le raccourci UsbFix présent sur ton Bureau.
--> Choisis l'option 2 (Suppression).
--> Ton Bureau disparaîtra et le PC redémarrera.
--> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.
--> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
Et voici le nouveau rapport ! (encore merci pour cette aide)
############################## [ UsbFix V3.022 # Cleaning ]
# User : Oliv (Administrateurs) # Olivier
# Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:48:25 | 19/05/2009
# AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Norton Internet Security 2007 [ Enabled | Updated ]
# FW : Norton Internet Security[ Enabled ]2007
# C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
# D:\ # Disque fixe local # 260,28 Go (113,36 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\ld08.exe
(!) Not Deleted ! C:\copy.exe
(!) Not Deleted ! C:\RavMon.exe
(!) Not Deleted ! D:\copy.exe
(!) Not Deleted ! D:\RavMon.exe
(!) Not Deleted ! J:\copy.exe
(!) Not Deleted ! J:\RavMon.exe
Deleted ! J:\Recycle.exe
################## [ Registre # Clés Run infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[20/09/2006 18:21|-rahs----|227] - C:\BOOT.BAK
[03/03/2007 19:25|-rahs----|308] - C:\BOOT.INI
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[05/08/2004 14:00|-rahs----|263488] - C:\cmldr
[19/05/2009 07:40|--a------|172] - C:\curr_ver.tmp
[20/09/2006 18:05|--a------|5980] - C:\DWNLOG.TXT
[20/09/2006 18:22|-rahs----|0] - C:\IO.SYS
[20/09/2006 18:23|--ah-----|848] - C:\IPH.PH
[31/01/2009 16:57|--a------|6023] - C:\is.html
[20/09/2006 18:22|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 14:00|--a------|47564] - C:\NTDETECT.COM
[05/08/2004 14:00|--a------|251712] - C:\NTLDR
[?|?|?] - C:\pagefile.sys
[19/05/2009 21:10|--a------|17714] - C:\rsit.rar
[20/09/2006 15:53|--a------|1099] - C:\SAUDIT.TXT
[03/03/2007 19:31|--a------|90] - C:\Setup.log
[08/05/2007 20:20|--ah-----|268] - C:\sqmdata00.sqm
[22/05/2007 18:36|--ah-----|232] - C:\sqmdata01.sqm
[22/05/2007 18:36|--ah-----|232] - C:\sqmdata02.sqm
[22/05/2007 18:39|--ah-----|232] - C:\sqmdata03.sqm
[27/05/2007 17:13|--ah-----|232] - C:\sqmdata04.sqm
[27/05/2007 17:13|--ah-----|232] - C:\sqmdata05.sqm
[07/07/2007 13:18|--ah-----|232] - C:\sqmdata06.sqm
[07/07/2007 13:18|--ah-----|232] - C:\sqmdata07.sqm
[07/07/2007 13:19|--ah-----|232] - C:\sqmdata08.sqm
[07/07/2007 13:19|--ah-----|232] - C:\sqmdata09.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata10.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata11.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata12.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata13.sqm
[08/07/2007 01:20|--ah-----|232] - C:\sqmdata14.sqm
[08/07/2007 01:21|--ah-----|232] - C:\sqmdata15.sqm
[08/07/2007 01:21|--ah-----|232] - C:\sqmdata16.sqm
[08/05/2007 20:20|--ah-----|244] - C:\sqmnoopt00.sqm
[22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt01.sqm
[22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt02.sqm
[22/05/2007 18:39|--ah-----|244] - C:\sqmnoopt03.sqm
[27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt04.sqm
[27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt05.sqm
[07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt06.sqm
[07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt07.sqm
[07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt08.sqm
[07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt09.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt10.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt11.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt12.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt13.sqm
[08/07/2007 01:20|--ah-----|244] - C:\sqmnoopt14.sqm
[08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt15.sqm
[08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt16.sqm
[31/01/2009 16:57|--a------|23521] - C:\temp.txt
[04/03/2007 13:47|-r-h-----|114] - D:\NG Recovery Point Storage.ini
[12/06/2007 21:54|--ah-----|268] - D:\sqmdata00.sqm
[13/06/2007 21:14|--ah-----|268] - D:\sqmdata01.sqm
[14/06/2007 23:11|--ah-----|268] - D:\sqmdata02.sqm
[15/06/2007 20:15|--ah-----|268] - D:\sqmdata03.sqm
[02/07/2007 11:51|--ah-----|268] - D:\sqmdata04.sqm
[04/07/2007 11:21|--ah-----|268] - D:\sqmdata05.sqm
[23/07/2007 14:52|--ah-----|268] - D:\sqmdata06.sqm
[30/07/2007 00:10|--ah-----|268] - D:\sqmdata07.sqm
[11/08/2007 01:15|--ah-----|268] - D:\sqmdata08.sqm
[18/08/2007 15:09|--ah-----|268] - D:\sqmdata09.sqm
[20/08/2007 03:49|--ah-----|268] - D:\sqmdata10.sqm
[24/08/2007 02:05|--ah-----|268] - D:\sqmdata11.sqm
[10/09/2007 02:08|--ah-----|268] - D:\sqmdata12.sqm
[10/09/2007 16:07|--ah-----|268] - D:\sqmdata13.sqm
[26/02/2008 09:17|--ah-----|268] - D:\sqmdata14.sqm
[08/10/2008 00:47|--ah-----|268] - D:\sqmdata15.sqm
[28/05/2007 20:26|--ah-----|292] - D:\sqmdata16.sqm
[31/05/2007 11:23|--ah-----|268] - D:\sqmdata17.sqm
[08/06/2007 22:20|--ah-----|268] - D:\sqmdata18.sqm
[11/06/2007 17:32|--ah-----|268] - D:\sqmdata19.sqm
[11/06/2007 17:32|--ah-----|244] - D:\sqmnoopt00.sqm
[12/06/2007 21:54|--ah-----|244] - D:\sqmnoopt01.sqm
[13/06/2007 21:14|--ah-----|244] - D:\sqmnoopt02.sqm
[14/06/2007 23:11|--ah-----|244] - D:\sqmnoopt03.sqm
[15/06/2007 20:15|--ah-----|244] - D:\sqmnoopt04.sqm
[02/07/2007 11:51|--ah-----|244] - D:\sqmnoopt05.sqm
[04/07/2007 11:21|--ah-----|244] - D:\sqmnoopt06.sqm
[23/07/2007 14:52|--ah-----|244] - D:\sqmnoopt07.sqm
[30/07/2007 00:10|--ah-----|244] - D:\sqmnoopt08.sqm
[11/08/2007 01:15|--ah-----|244] - D:\sqmnoopt09.sqm
[18/08/2007 15:09|--ah-----|244] - D:\sqmnoopt10.sqm
[20/08/2007 03:49|--ah-----|244] - D:\sqmnoopt11.sqm
[24/08/2007 02:05|--ah-----|244] - D:\sqmnoopt12.sqm
[10/09/2007 02:08|--ah-----|244] - D:\sqmnoopt13.sqm
[10/09/2007 16:07|--ah-----|244] - D:\sqmnoopt14.sqm
[26/02/2008 09:17|--ah-----|244] - D:\sqmnoopt15.sqm
[08/10/2008 00:47|--ah-----|244] - D:\sqmnoopt16.sqm
[31/05/2007 11:23|--ah-----|244] - D:\sqmnoopt17.sqm
[08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt18.sqm
[08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt19.sqm
[19/05/2009 21:49|--a------|13326] - D:\UsbFix.txt
[01/01/1601 02:00|-r-h-----|0] - J:\MEMSTICK.IND
[01/01/1601 02:00|-r-h-----|0] - J:\MSTK_PRO.IND
[23/04/2009 09:37|--a------|733362176] - J:\09.09.2003.LE.CHATEAU.DANS.LE.CIEL.DVDRip.FRENCH.DIVX-PRO.5.1._.1CD.REPACK-PYTEAMARENA.trouv‚.sur.avi
[19/05/2009 21:27|--a------|1408208] - J:\PSP.exe
[19/05/2009 21:27|--a------|1408208] - J:\MP_ROOT.exe
[19/05/2009 21:27|--a------|1408208] - J:\MUSIC.exe
[19/05/2009 21:27|--a------|1408208] - J:\PICTURE.exe
[19/05/2009 21:27|--a------|1408208] - J:\VIDEO.exe
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.022 ! ]
############################## [ UsbFix V3.022 # Cleaning ]
# User : Oliv (Administrateurs) # Olivier
# Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:48:25 | 19/05/2009
# AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Norton Internet Security 2007 [ Enabled | Updated ]
# FW : Norton Internet Security[ Enabled ]2007
# C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
# D:\ # Disque fixe local # 260,28 Go (113,36 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\ld08.exe
(!) Not Deleted ! C:\copy.exe
(!) Not Deleted ! C:\RavMon.exe
(!) Not Deleted ! D:\copy.exe
(!) Not Deleted ! D:\RavMon.exe
(!) Not Deleted ! J:\copy.exe
(!) Not Deleted ! J:\RavMon.exe
Deleted ! J:\Recycle.exe
################## [ Registre # Clés Run infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[20/09/2006 18:21|-rahs----|227] - C:\BOOT.BAK
[03/03/2007 19:25|-rahs----|308] - C:\BOOT.INI
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[05/08/2004 14:00|-rahs----|263488] - C:\cmldr
[19/05/2009 07:40|--a------|172] - C:\curr_ver.tmp
[20/09/2006 18:05|--a------|5980] - C:\DWNLOG.TXT
[20/09/2006 18:22|-rahs----|0] - C:\IO.SYS
[20/09/2006 18:23|--ah-----|848] - C:\IPH.PH
[31/01/2009 16:57|--a------|6023] - C:\is.html
[20/09/2006 18:22|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 14:00|--a------|47564] - C:\NTDETECT.COM
[05/08/2004 14:00|--a------|251712] - C:\NTLDR
[?|?|?] - C:\pagefile.sys
[19/05/2009 21:10|--a------|17714] - C:\rsit.rar
[20/09/2006 15:53|--a------|1099] - C:\SAUDIT.TXT
[03/03/2007 19:31|--a------|90] - C:\Setup.log
[08/05/2007 20:20|--ah-----|268] - C:\sqmdata00.sqm
[22/05/2007 18:36|--ah-----|232] - C:\sqmdata01.sqm
[22/05/2007 18:36|--ah-----|232] - C:\sqmdata02.sqm
[22/05/2007 18:39|--ah-----|232] - C:\sqmdata03.sqm
[27/05/2007 17:13|--ah-----|232] - C:\sqmdata04.sqm
[27/05/2007 17:13|--ah-----|232] - C:\sqmdata05.sqm
[07/07/2007 13:18|--ah-----|232] - C:\sqmdata06.sqm
[07/07/2007 13:18|--ah-----|232] - C:\sqmdata07.sqm
[07/07/2007 13:19|--ah-----|232] - C:\sqmdata08.sqm
[07/07/2007 13:19|--ah-----|232] - C:\sqmdata09.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata10.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata11.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata12.sqm
[07/07/2007 13:20|--ah-----|232] - C:\sqmdata13.sqm
[08/07/2007 01:20|--ah-----|232] - C:\sqmdata14.sqm
[08/07/2007 01:21|--ah-----|232] - C:\sqmdata15.sqm
[08/07/2007 01:21|--ah-----|232] - C:\sqmdata16.sqm
[08/05/2007 20:20|--ah-----|244] - C:\sqmnoopt00.sqm
[22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt01.sqm
[22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt02.sqm
[22/05/2007 18:39|--ah-----|244] - C:\sqmnoopt03.sqm
[27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt04.sqm
[27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt05.sqm
[07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt06.sqm
[07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt07.sqm
[07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt08.sqm
[07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt09.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt10.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt11.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt12.sqm
[07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt13.sqm
[08/07/2007 01:20|--ah-----|244] - C:\sqmnoopt14.sqm
[08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt15.sqm
[08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt16.sqm
[31/01/2009 16:57|--a------|23521] - C:\temp.txt
[04/03/2007 13:47|-r-h-----|114] - D:\NG Recovery Point Storage.ini
[12/06/2007 21:54|--ah-----|268] - D:\sqmdata00.sqm
[13/06/2007 21:14|--ah-----|268] - D:\sqmdata01.sqm
[14/06/2007 23:11|--ah-----|268] - D:\sqmdata02.sqm
[15/06/2007 20:15|--ah-----|268] - D:\sqmdata03.sqm
[02/07/2007 11:51|--ah-----|268] - D:\sqmdata04.sqm
[04/07/2007 11:21|--ah-----|268] - D:\sqmdata05.sqm
[23/07/2007 14:52|--ah-----|268] - D:\sqmdata06.sqm
[30/07/2007 00:10|--ah-----|268] - D:\sqmdata07.sqm
[11/08/2007 01:15|--ah-----|268] - D:\sqmdata08.sqm
[18/08/2007 15:09|--ah-----|268] - D:\sqmdata09.sqm
[20/08/2007 03:49|--ah-----|268] - D:\sqmdata10.sqm
[24/08/2007 02:05|--ah-----|268] - D:\sqmdata11.sqm
[10/09/2007 02:08|--ah-----|268] - D:\sqmdata12.sqm
[10/09/2007 16:07|--ah-----|268] - D:\sqmdata13.sqm
[26/02/2008 09:17|--ah-----|268] - D:\sqmdata14.sqm
[08/10/2008 00:47|--ah-----|268] - D:\sqmdata15.sqm
[28/05/2007 20:26|--ah-----|292] - D:\sqmdata16.sqm
[31/05/2007 11:23|--ah-----|268] - D:\sqmdata17.sqm
[08/06/2007 22:20|--ah-----|268] - D:\sqmdata18.sqm
[11/06/2007 17:32|--ah-----|268] - D:\sqmdata19.sqm
[11/06/2007 17:32|--ah-----|244] - D:\sqmnoopt00.sqm
[12/06/2007 21:54|--ah-----|244] - D:\sqmnoopt01.sqm
[13/06/2007 21:14|--ah-----|244] - D:\sqmnoopt02.sqm
[14/06/2007 23:11|--ah-----|244] - D:\sqmnoopt03.sqm
[15/06/2007 20:15|--ah-----|244] - D:\sqmnoopt04.sqm
[02/07/2007 11:51|--ah-----|244] - D:\sqmnoopt05.sqm
[04/07/2007 11:21|--ah-----|244] - D:\sqmnoopt06.sqm
[23/07/2007 14:52|--ah-----|244] - D:\sqmnoopt07.sqm
[30/07/2007 00:10|--ah-----|244] - D:\sqmnoopt08.sqm
[11/08/2007 01:15|--ah-----|244] - D:\sqmnoopt09.sqm
[18/08/2007 15:09|--ah-----|244] - D:\sqmnoopt10.sqm
[20/08/2007 03:49|--ah-----|244] - D:\sqmnoopt11.sqm
[24/08/2007 02:05|--ah-----|244] - D:\sqmnoopt12.sqm
[10/09/2007 02:08|--ah-----|244] - D:\sqmnoopt13.sqm
[10/09/2007 16:07|--ah-----|244] - D:\sqmnoopt14.sqm
[26/02/2008 09:17|--ah-----|244] - D:\sqmnoopt15.sqm
[08/10/2008 00:47|--ah-----|244] - D:\sqmnoopt16.sqm
[31/05/2007 11:23|--ah-----|244] - D:\sqmnoopt17.sqm
[08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt18.sqm
[08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt19.sqm
[19/05/2009 21:49|--a------|13326] - D:\UsbFix.txt
[01/01/1601 02:00|-r-h-----|0] - J:\MEMSTICK.IND
[01/01/1601 02:00|-r-h-----|0] - J:\MSTK_PRO.IND
[23/04/2009 09:37|--a------|733362176] - J:\09.09.2003.LE.CHATEAU.DANS.LE.CIEL.DVDRip.FRENCH.DIVX-PRO.5.1._.1CD.REPACK-PYTEAMARENA.trouv‚.sur.avi
[19/05/2009 21:27|--a------|1408208] - J:\PSP.exe
[19/05/2009 21:27|--a------|1408208] - J:\MP_ROOT.exe
[19/05/2009 21:27|--a------|1408208] - J:\MUSIC.exe
[19/05/2009 21:27|--a------|1408208] - J:\PICTURE.exe
[19/05/2009 21:27|--a------|1408208] - J:\VIDEO.exe
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.022 ! ]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 22:26
19 mai 2009 à 22:26
---> Désinstalle UsbFix.
---> Refais un scan RSIT et poste le rapport log.
---> Refais un scan RSIT et poste le rapport log.
Voilà, c'est désinstallé et voici le nouveau rapport log de RSIT :
http://dl.free.fr/getfile.pl?file=/orgJg313
http://dl.free.fr/getfile.pl?file=/orgJg313
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 22:42
19 mai 2009 à 22:42
1/
---> Lance ce fichier : D:\Documents and Settings\Oliv\Bureau\Oliv.exe
---> Choisis Do a system scan only.
---> Coche les cases qui sont devant les lignes suivantes :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)
O4 - HKLM\..\Run: [FFE17D] C:\WINDOWS\system32\008157\FFE17D.EXE
O4 - S-1-5-18 Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'Default user')
O4 - Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE
---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
---> Ferme HijackThis.
2/
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:services
9e05ca6b-524a-4273-a150-602edf341d09
ag4idtaq
:files
C:\copy.exe
C:\RavMon.exe
D:\copy.exe
D:\RavMon.exe
J:\copy.exe
J:\RavMon.exe
C:\WINDOWS\system32\008157
C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\system32\1054p.exe
C:\info.exe
C:\bdtmp
C:\Program Files\Prg Chris
C:\WINDOWS\system32\173DE6
C:\WINDOWS\system32\46EF1A
C:\WINDOWS\system32\4E4CCC
C:\curr_ver.tmp
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FFE17D"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
---> Lance ce fichier : D:\Documents and Settings\Oliv\Bureau\Oliv.exe
---> Choisis Do a system scan only.
---> Coche les cases qui sont devant les lignes suivantes :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)
O4 - HKLM\..\Run: [FFE17D] C:\WINDOWS\system32\008157\FFE17D.EXE
O4 - S-1-5-18 Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'Default user')
O4 - Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE
---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
---> Ferme HijackThis.
2/
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:services
9e05ca6b-524a-4273-a150-602edf341d09
ag4idtaq
:files
C:\copy.exe
C:\RavMon.exe
D:\copy.exe
D:\RavMon.exe
J:\copy.exe
J:\RavMon.exe
C:\WINDOWS\system32\008157
C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\system32\1054p.exe
C:\info.exe
C:\bdtmp
C:\Program Files\Prg Chris
C:\WINDOWS\system32\173DE6
C:\WINDOWS\system32\46EF1A
C:\WINDOWS\system32\4E4CCC
C:\curr_ver.tmp
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FFE17D"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
En suivant tes instructions et près un reboot, voilà ce que j'obtiens dans le rapport :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver 9e05ca6b-524a-4273-a150-602edf341d09 deleted successfully.
Service\Driver ag4idtaq not found.
Service\Driver key ag4idtaq deleted successfully.
========== FILES ==========
File/Folder C:\copy.exe not found.
File/Folder C:\RavMon.exe not found.
File/Folder D:\copy.exe not found.
File/Folder D:\RavMon.exe not found.
File/Folder J:\copy.exe not found.
File/Folder J:\RavMon.exe not found.
C:\WINDOWS\system32\008157 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\system32\digiwet.dll NOT unregistered.
C:\WINDOWS\system32\digiwet.dll moved successfully.
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
C:\bdtmp\tmp moved successfully.
C:\bdtmp moved successfully.
C:\Program Files\Prg Chris\Anti-Autorun.inf moved successfully.
C:\Program Files\Prg Chris moved successfully.
C:\WINDOWS\system32\173DE6 moved successfully.
C:\WINDOWS\system32\46EF1A moved successfully.
C:\WINDOWS\system32\4E4CCC moved successfully.
C:\curr_ver.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FFE17D not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_225058
Files moved on Reboot...
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_794.dat not found!
File C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE not found!
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver 9e05ca6b-524a-4273-a150-602edf341d09 deleted successfully.
Service\Driver ag4idtaq not found.
Service\Driver key ag4idtaq deleted successfully.
========== FILES ==========
File/Folder C:\copy.exe not found.
File/Folder C:\RavMon.exe not found.
File/Folder D:\copy.exe not found.
File/Folder D:\RavMon.exe not found.
File/Folder J:\copy.exe not found.
File/Folder J:\RavMon.exe not found.
C:\WINDOWS\system32\008157 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\digiwet.dll
C:\WINDOWS\system32\digiwet.dll NOT unregistered.
C:\WINDOWS\system32\digiwet.dll moved successfully.
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
C:\bdtmp\tmp moved successfully.
C:\bdtmp moved successfully.
C:\Program Files\Prg Chris\Anti-Autorun.inf moved successfully.
C:\Program Files\Prg Chris moved successfully.
C:\WINDOWS\system32\173DE6 moved successfully.
C:\WINDOWS\system32\46EF1A moved successfully.
C:\WINDOWS\system32\4E4CCC moved successfully.
C:\curr_ver.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FFE17D not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_225058
Files moved on Reboot...
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_794.dat not found!
File C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE not found!
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
19 mai 2009 à 23:21
19 mai 2009 à 23:21
---> Désinstalle J2SE Runtime Environment 5.0 Update 4.
---> Mets à jour Java.
---> Mets à jour Adobe Reader.
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
---> Mets à jour Java.
---> Mets à jour Adobe Reader.
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
Hé bien c'est précis tout ça ! :)
Je vais me coucher, je te souhaite une bonne nuit (et merci encore).
Voilà le rapport de Malwarebyte (il a supprimé beaucoup de choses ...) :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2155
Windows 5.1.2600 Service Pack 2
20/05/2009 00:12:44
mbam-log-2009-05-20 (00-12-44).txt
Type de recherche: Examen rapide
Eléments examinés: 79016
Temps écoulé: 4 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 90
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Je vais me coucher, je te souhaite une bonne nuit (et merci encore).
Voilà le rapport de Malwarebyte (il a supprimé beaucoup de choses ...) :
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2155
Windows 5.1.2600 Service Pack 2
20/05/2009 00:12:44
mbam-log-2009-05-20 (00-12-44).txt
Type de recherche: Examen rapide
Eléments examinés: 79016
Temps écoulé: 4 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 90
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mai 2009 à 00:19
20 mai 2009 à 00:19
Bonne nuit ;)
---> Refais un scan RSIT et poste le rapport log.
---> Refais un scan RSIT et poste le rapport log.
Bonsoir :) ,
Voici le dernier rapport RSIT
http://dl.free.fr/getfile.pl?file=/JU47aFin
En tout cas pour l'instant, Norton s'est remis à fonctionner comme avant ! :D
Voici le dernier rapport RSIT
http://dl.free.fr/getfile.pl?file=/JU47aFin
En tout cas pour l'instant, Norton s'est remis à fonctionner comme avant ! :D
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mai 2009 à 23:12
20 mai 2009 à 23:12
--> Fais analyser ce fichier : C:\WINDOWS\system32\1054p.exe
--> Sur VirusTotal et poste le lien de l'analyse.
--> Sur VirusTotal et poste le lien de l'analyse.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
20 mai 2009 à 23:55
20 mai 2009 à 23:55
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:services
LiveUpdateLmHosts
:files
C:\WINDOWS\system32\1054p.exe
C:\info.exe
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
explorer.exe
:services
LiveUpdateLmHosts
:files
C:\WINDOWS\system32\1054p.exe
C:\info.exe
:commands
[purity]
[emptytemp]
[reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
Hop, voilà :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdateLmHosts deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_360.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_000359
Files moved on Reboot...
C:\WINDOWS\system32\1054p.exe moved successfully.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
File D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat not found!
File D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 not found!
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_360.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
File C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo not found!
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdateLmHosts deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_360.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_000359
Files moved on Reboot...
C:\WINDOWS\system32\1054p.exe moved successfully.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
File D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat not found!
File D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 not found!
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_360.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
File C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo not found!
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
21 mai 2009 à 00:11
21 mai 2009 à 00:11
Il faudrait que tu fasses la manip' en mode sans échec.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
21 mai 2009 à 00:20
21 mai 2009 à 00:20
Oui, ce n'est pas grave.
Bonjour !
Après un démarrage sans échec et avoir fait les manips décrites ci-dessus avec OTMoveIt3 (qui ont entrainé un redémarrage de l'ordinateur, en mode normal), voici le rapport que j'ai obtenu :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdateLmHosts not found.
Service\Driver LiveUpdateLmHosts not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\1054p.exe not found.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_101612
Files moved on Reboot...
Folder move failed. C:\info.exe scheduled to be moved on reboot.
Et au redémarrage, Norton s'est manifesté :
Source : D:\_OTMoveIt\MovedFiles\05212009_000359\WINDOWS\system32\1054p.exe
Catégorie de risque : Virus
Impact global du risque : Elevé
Cliquez pour plus d'informations sur ce risque : Downloader
Action effectuée : Totalement supprimé
Après un démarrage sans échec et avoir fait les manips décrites ci-dessus avec OTMoveIt3 (qui ont entrainé un redémarrage de l'ordinateur, en mode normal), voici le rapport que j'ai obtenu :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdateLmHosts not found.
Service\Driver LiveUpdateLmHosts not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\1054p.exe not found.
Folder move failed. C:\info.exe scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_101612
Files moved on Reboot...
Folder move failed. C:\info.exe scheduled to be moved on reboot.
Et au redémarrage, Norton s'est manifesté :
Source : D:\_OTMoveIt\MovedFiles\05212009_000359\WINDOWS\system32\1054p.exe
Catégorie de risque : Virus
Impact global du risque : Elevé
Cliquez pour plus d'informations sur ce risque : Downloader
Action effectuée : Totalement supprimé
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
24 mai 2009 à 13:55
24 mai 2009 à 13:55
"C:\info.exe"
---> Tu vois ce fichier dans ton disque dur ?
---> Tu vois ce fichier dans ton disque dur ?
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
25 mai 2009 à 20:07
25 mai 2009 à 20:07
---> Refais un scan RSIT et poste le rapport log.
Bonsoir ! :)
Ça commence à dater je sais, désolé du temps de réponse, mais avec les partiels, j'ai pas eu trop le temps ! :x
Voici donc le dernier rapport log RSIT :
http://dl.free.fr/getfile.pl?file=/d8MaYNqB
Ça commence à dater je sais, désolé du temps de réponse, mais avec les partiels, j'ai pas eu trop le temps ! :x
Voici donc le dernier rapport log RSIT :
http://dl.free.fr/getfile.pl?file=/d8MaYNqB
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
4 juin 2009 à 03:25
4 juin 2009 à 03:25
Mets à jour Malwarebytes' Anti-Malware puis fais un examen complet.
19 mai 2009 à 21:15
Voici les deux logs :
http://dl.free.fr/getfile.pl?file=/6wD1p2ns
(je les ai archivés et uploadés sur free car ils sont un peu gros pour être postés ici je trouve !)