Ld08.exe et Norton qui refuse d'analyser ...

CK9 -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
Suite au téléchargement d'un torrent (oui, j'avoue ...), le firewall de Norton Internet Security m'a prévenu qu'un fichier nommé "ld08.exe" situé dans C:\Windows tentait d'accéder à internet.
Je lui ai refusé l'accès et j'ai bien fait, car j'ai lu sur internet que c'est un fichier malveillant !

Mais depuis, je ne sais pas si ça a un rapport, Norton refuse d'effectuer une analyse, que ce soit en faisait clic droit sur un dossier > Analyser avec Norton Security, ou en séléctionnant directement "Effectuer une analyse" (complète ou rapide) dans Norton ...

Et un redémarrage n'a rien changé !

Voici mon log Hijack This :
http://dl.free.fr/getfile.pl?file=/do7xzAjv

Merci pour une éventuelle aide !
Configuration: Windows XP
Firefox 3.0

15 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonjour,

    Ton PC est infecté.

    --> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    --> Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

    --> Clique sur Continue à l'écran Disclaimer.

    --> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    --> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    0
    1. CK9
       
      Merci pour la rapidité de la réponse !

      Voici les deux logs :
      http://dl.free.fr/getfile.pl?file=/6wD1p2ns

      (je les ai archivés et uploadés sur free car ils sont un peu gros pour être postés ici je trouve !)
      0
  2. archet9
     
    Edité....
    Bon courage a vous deux....
    a+
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Recherche).

    --> Laisse travailler l'outil.

    --> Poste le rapport UsbFix.txt.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    0
    1. CK9
       
      Ha et oui, j'ai oublié de précisé que j'ai eu hier un petit problème avec la clé USB d'un pote (les dossiers devenaient cachés et de faux executables avec le même nom et une icone de dossier prenait leur place), problème qui s'est par la suite transféré à ma PSP !

      J'ai lu quelques trucs sur le net et j'ai un peu bidouillé avec ce que j'ai lu (j'avais lancé Flash Disinfector ainsi qu'un VaccinUSB.exe), j'espère que ça va pas poser de problèmes :/


      Voici le rapport USBfix :



      ############################## [ UsbFix V3.022 # Scan ]

      # User : Oliv (Administrateurs) # Olivier
      # Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:28:15 | 19/05/2009

      # AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Disabled
      # AV : Norton Internet Security 2007 [ Enabled | Updated ]
      # FW : Norton Internet Security[ Enabled ]2007

      # C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
      # D:\ # Disque fixe local # 260,28 Go (113,35 Go free) [DATA] # NTFS
      # E:\ # Disque CD-ROM
      # F:\ # Disque amovible
      # G:\ # Disque amovible
      # H:\ # Disque amovible
      # I:\ # Disque amovible
      # J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Apps\Softex\OmniPass\scureapp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\apps\ABoard\ABoard.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Real\RealPlayer\RealPlay.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\APPS\SMP\SmpSys.exe
      C:\WINDOWS\system32\008157\FFE17D.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\WINDOWS\system32\173DE6\V5-46EF1.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="Oliv"
      HKLM_logon: "AltDefaultUserName"="Oliv"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      HKLM_Run: nwiz=nwiz.exe /install
      HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      HKLM_Run: SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
      HKLM_Run: Vade Retro Outlook Express="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      HKLM_Run: DetectorApp=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      HKLM_Run: ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      HKLM_Run: ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      HKLM_Run: ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      HKLM_Run: OmniPass=C:\Apps\Softex\OmniPass\scureapp.exe
      HKLM_Run: PCMService="c:\APPS\Powercinema\PCMService.exe"
      HKLM_Run: ACTIVBOARD=c:\apps\ABoard\ABoard.exe
      HKLM_Run: WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
      HKLM_Run: WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      HKLM_Run: Norton Save and Restore="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
      HKLM_Run: osCheck="C:\Program Files\Norton Internet Security\osCheck.exe"
      HKLM_Run: RealTray=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
      HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
      HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
      HKLM_Run: Symantec PIF AlertEng="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      HKLM_Run: WinampAgent="C:\Program Files\Winamp\winampa.exe"
      HKLM_Run: RTHDCPL=RTHDCPL.EXE
      HKLM_Run: Alcmtr=ALCMTR.EXE
      HKLM_Run: FFE17D=C:\WINDOWS\system32\008157\FFE17D.EXE
      HKLM_Run: sysldtray=C:\windows\ld08.exe
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: SmpcSys=C:\APPS\SMP\SmpSys.exe
      HKCU_Run: WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      HKCU_Run: updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      HKCU_Explo: "NoDriveAutoRun"=hex:ff,ff,ff,ff
      HKCU_Explo: "NoDriveTypeAutoRun"=dword:00000024

      ################## [ Fichiers # Dossiers infectieux ]

      Found ! C:\WINDOWS\ld08.exe
      Found ! C:\copy.exe
      Found ! C:\RavMon.exe
      Found ! D:\copy.exe
      Found ! D:\RavMon.exe
      Found ! J:\copy.exe
      Found ! J:\RavMon.exe
      Found ! J:\Recycle.exe

      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
      Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
      Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

      ################## [ Registre # Mountpoints2 ]

      HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command

      ################## [ ! Fin du rapport # UsbFix V3.022 ! ]
      0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix présent sur ton Bureau.

    --> Choisis l'option 2 (Suppression).

    --> Ton Bureau disparaîtra et le PC redémarrera.

    --> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

    --> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
    0
    1. CK9
       
      Et voici le nouveau rapport ! (encore merci pour cette aide)


      ############################## [ UsbFix V3.022 # Cleaning ]

      # User : Oliv (Administrateurs) # Olivier
      # Update on 19/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:48:25 | 19/05/2009

      # AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Disabled
      # AV : Norton Internet Security 2007 [ Enabled | Updated ]
      # FW : Norton Internet Security[ Enabled ]2007

      # C:\ # Disque fixe local # 29,99 Go (16,19 Go free) [HDD] # NTFS
      # D:\ # Disque fixe local # 260,28 Go (113,36 Go free) [DATA] # NTFS
      # E:\ # Disque CD-ROM
      # F:\ # Disque amovible
      # G:\ # Disque amovible
      # H:\ # Disque amovible
      # I:\ # Disque amovible
      # J:\ # Disque amovible # 3,75 Go (1,3 Go free) # FAT32

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]

      Deleted ! C:\WINDOWS\ld08.exe
      (!) Not Deleted ! C:\copy.exe
      (!) Not Deleted ! C:\RavMon.exe
      (!) Not Deleted ! D:\copy.exe
      (!) Not Deleted ! D:\RavMon.exe
      (!) Not Deleted ! J:\copy.exe
      (!) Not Deleted ! J:\RavMon.exe
      Deleted ! J:\Recycle.exe

      ################## [ Registre # Clés Run infectieuses ]

      Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysldtray"
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe
      Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll
      # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
      # HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
      # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

      ################## [ Registre # Mountpoints2 ]

      Deleted ! HKCU\...\Explorer\MountPoints2\{54a30f82-a459-11dd-bbda-0060b34a8e29}\Shell\AutoRun\Command

      ################## [ Listing des fichiers présent ]

      [20/09/2006 18:21|-rahs----|227] - C:\BOOT.BAK
      [03/03/2007 19:25|-rahs----|308] - C:\BOOT.INI
      [05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
      [05/08/2004 14:00|-rahs----|263488] - C:\cmldr
      [19/05/2009 07:40|--a------|172] - C:\curr_ver.tmp
      [20/09/2006 18:05|--a------|5980] - C:\DWNLOG.TXT
      [20/09/2006 18:22|-rahs----|0] - C:\IO.SYS
      [20/09/2006 18:23|--ah-----|848] - C:\IPH.PH
      [31/01/2009 16:57|--a------|6023] - C:\is.html
      [20/09/2006 18:22|-rahs----|0] - C:\MSDOS.SYS
      [05/08/2004 14:00|--a------|47564] - C:\NTDETECT.COM
      [05/08/2004 14:00|--a------|251712] - C:\NTLDR
      [?|?|?] - C:\pagefile.sys
      [19/05/2009 21:10|--a------|17714] - C:\rsit.rar
      [20/09/2006 15:53|--a------|1099] - C:\SAUDIT.TXT
      [03/03/2007 19:31|--a------|90] - C:\Setup.log
      [08/05/2007 20:20|--ah-----|268] - C:\sqmdata00.sqm
      [22/05/2007 18:36|--ah-----|232] - C:\sqmdata01.sqm
      [22/05/2007 18:36|--ah-----|232] - C:\sqmdata02.sqm
      [22/05/2007 18:39|--ah-----|232] - C:\sqmdata03.sqm
      [27/05/2007 17:13|--ah-----|232] - C:\sqmdata04.sqm
      [27/05/2007 17:13|--ah-----|232] - C:\sqmdata05.sqm
      [07/07/2007 13:18|--ah-----|232] - C:\sqmdata06.sqm
      [07/07/2007 13:18|--ah-----|232] - C:\sqmdata07.sqm
      [07/07/2007 13:19|--ah-----|232] - C:\sqmdata08.sqm
      [07/07/2007 13:19|--ah-----|232] - C:\sqmdata09.sqm
      [07/07/2007 13:20|--ah-----|232] - C:\sqmdata10.sqm
      [07/07/2007 13:20|--ah-----|232] - C:\sqmdata11.sqm
      [07/07/2007 13:20|--ah-----|232] - C:\sqmdata12.sqm
      [07/07/2007 13:20|--ah-----|232] - C:\sqmdata13.sqm
      [08/07/2007 01:20|--ah-----|232] - C:\sqmdata14.sqm
      [08/07/2007 01:21|--ah-----|232] - C:\sqmdata15.sqm
      [08/07/2007 01:21|--ah-----|232] - C:\sqmdata16.sqm
      [08/05/2007 20:20|--ah-----|244] - C:\sqmnoopt00.sqm
      [22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt01.sqm
      [22/05/2007 18:36|--ah-----|244] - C:\sqmnoopt02.sqm
      [22/05/2007 18:39|--ah-----|244] - C:\sqmnoopt03.sqm
      [27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt04.sqm
      [27/05/2007 17:13|--ah-----|244] - C:\sqmnoopt05.sqm
      [07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt06.sqm
      [07/07/2007 13:18|--ah-----|244] - C:\sqmnoopt07.sqm
      [07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt08.sqm
      [07/07/2007 13:19|--ah-----|244] - C:\sqmnoopt09.sqm
      [07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt10.sqm
      [07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt11.sqm
      [07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt12.sqm
      [07/07/2007 13:20|--ah-----|244] - C:\sqmnoopt13.sqm
      [08/07/2007 01:20|--ah-----|244] - C:\sqmnoopt14.sqm
      [08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt15.sqm
      [08/07/2007 01:21|--ah-----|244] - C:\sqmnoopt16.sqm
      [31/01/2009 16:57|--a------|23521] - C:\temp.txt
      [04/03/2007 13:47|-r-h-----|114] - D:\NG Recovery Point Storage.ini
      [12/06/2007 21:54|--ah-----|268] - D:\sqmdata00.sqm
      [13/06/2007 21:14|--ah-----|268] - D:\sqmdata01.sqm
      [14/06/2007 23:11|--ah-----|268] - D:\sqmdata02.sqm
      [15/06/2007 20:15|--ah-----|268] - D:\sqmdata03.sqm
      [02/07/2007 11:51|--ah-----|268] - D:\sqmdata04.sqm
      [04/07/2007 11:21|--ah-----|268] - D:\sqmdata05.sqm
      [23/07/2007 14:52|--ah-----|268] - D:\sqmdata06.sqm
      [30/07/2007 00:10|--ah-----|268] - D:\sqmdata07.sqm
      [11/08/2007 01:15|--ah-----|268] - D:\sqmdata08.sqm
      [18/08/2007 15:09|--ah-----|268] - D:\sqmdata09.sqm
      [20/08/2007 03:49|--ah-----|268] - D:\sqmdata10.sqm
      [24/08/2007 02:05|--ah-----|268] - D:\sqmdata11.sqm
      [10/09/2007 02:08|--ah-----|268] - D:\sqmdata12.sqm
      [10/09/2007 16:07|--ah-----|268] - D:\sqmdata13.sqm
      [26/02/2008 09:17|--ah-----|268] - D:\sqmdata14.sqm
      [08/10/2008 00:47|--ah-----|268] - D:\sqmdata15.sqm
      [28/05/2007 20:26|--ah-----|292] - D:\sqmdata16.sqm
      [31/05/2007 11:23|--ah-----|268] - D:\sqmdata17.sqm
      [08/06/2007 22:20|--ah-----|268] - D:\sqmdata18.sqm
      [11/06/2007 17:32|--ah-----|268] - D:\sqmdata19.sqm
      [11/06/2007 17:32|--ah-----|244] - D:\sqmnoopt00.sqm
      [12/06/2007 21:54|--ah-----|244] - D:\sqmnoopt01.sqm
      [13/06/2007 21:14|--ah-----|244] - D:\sqmnoopt02.sqm
      [14/06/2007 23:11|--ah-----|244] - D:\sqmnoopt03.sqm
      [15/06/2007 20:15|--ah-----|244] - D:\sqmnoopt04.sqm
      [02/07/2007 11:51|--ah-----|244] - D:\sqmnoopt05.sqm
      [04/07/2007 11:21|--ah-----|244] - D:\sqmnoopt06.sqm
      [23/07/2007 14:52|--ah-----|244] - D:\sqmnoopt07.sqm
      [30/07/2007 00:10|--ah-----|244] - D:\sqmnoopt08.sqm
      [11/08/2007 01:15|--ah-----|244] - D:\sqmnoopt09.sqm
      [18/08/2007 15:09|--ah-----|244] - D:\sqmnoopt10.sqm
      [20/08/2007 03:49|--ah-----|244] - D:\sqmnoopt11.sqm
      [24/08/2007 02:05|--ah-----|244] - D:\sqmnoopt12.sqm
      [10/09/2007 02:08|--ah-----|244] - D:\sqmnoopt13.sqm
      [10/09/2007 16:07|--ah-----|244] - D:\sqmnoopt14.sqm
      [26/02/2008 09:17|--ah-----|244] - D:\sqmnoopt15.sqm
      [08/10/2008 00:47|--ah-----|244] - D:\sqmnoopt16.sqm
      [31/05/2007 11:23|--ah-----|244] - D:\sqmnoopt17.sqm
      [08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt18.sqm
      [08/06/2007 22:20|--ah-----|244] - D:\sqmnoopt19.sqm
      [19/05/2009 21:49|--a------|13326] - D:\UsbFix.txt
      [01/01/1601 02:00|-r-h-----|0] - J:\MEMSTICK.IND
      [01/01/1601 02:00|-r-h-----|0] - J:\MSTK_PRO.IND
      [23/04/2009 09:37|--a------|733362176] - J:\09.09.2003.LE.CHATEAU.DANS.LE.CIEL.DVDRip.FRENCH.DIVX-PRO.5.1._.1CD.REPACK-PYTEAMARENA.trouv‚.sur.avi
      [19/05/2009 21:27|--a------|1408208] - J:\PSP.exe
      [19/05/2009 21:27|--a------|1408208] - J:\MP_ROOT.exe
      [19/05/2009 21:27|--a------|1408208] - J:\MUSIC.exe
      [19/05/2009 21:27|--a------|1408208] - J:\PICTURE.exe
      [19/05/2009 21:27|--a------|1408208] - J:\VIDEO.exe

      ################## [ Vaccination ]

      # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
      # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
      # J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.022 ! ]
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désinstalle UsbFix.

    ---> Refais un scan RSIT et poste le rapport log.
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    1/

    ---> Lance ce fichier : D:\Documents and Settings\Oliv\Bureau\Oliv.exe

    ---> Choisis Do a system scan only.

    ---> Coche les cases qui sont devant les lignes suivantes :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)

    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)

    O4 - HKLM\..\Run: [FFE17D] C:\WINDOWS\system32\008157\FFE17D.EXE

    O4 - S-1-5-18 Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'SYSTEM')

    O4 - .DEFAULT Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE (User 'Default user')

    O4 - Startup: FFE17D.lnk = C:\WINDOWS\system32\008157\FFE17D.EXE

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Ferme HijackThis.

    2/

    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

    ---> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    9e05ca6b-524a-4273-a150-602edf341d09
    ag4idtaq

    :files
    C:\copy.exe
    C:\RavMon.exe
    D:\copy.exe
    D:\RavMon.exe
    J:\copy.exe
    J:\RavMon.exe
    C:\WINDOWS\system32\008157
    C:\WINDOWS\system32\digiwet.dll
    C:\WINDOWS\system32\1054p.exe
    C:\info.exe
    C:\bdtmp
    C:\Program Files\Prg Chris
    C:\WINDOWS\system32\173DE6
    C:\WINDOWS\system32\46EF1A
    C:\WINDOWS\system32\4E4CCC
    C:\curr_ver.tmp

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "FFE17D"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    :commands
    [purity]
    [emptytemp]
    [reboot]

    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. CK9
       
      En suivant tes instructions et près un reboot, voilà ce que j'obtiens dans le rapport :

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== SERVICES/DRIVERS ==========

      Service\Driver 9e05ca6b-524a-4273-a150-602edf341d09 deleted successfully.
      Service\Driver ag4idtaq not found.
      Service\Driver key ag4idtaq deleted successfully.
      ========== FILES ==========
      File/Folder C:\copy.exe not found.
      File/Folder C:\RavMon.exe not found.
      File/Folder D:\copy.exe not found.
      File/Folder D:\RavMon.exe not found.
      File/Folder J:\copy.exe not found.
      File/Folder J:\RavMon.exe not found.
      C:\WINDOWS\system32\008157 moved successfully.
      DllUnregisterServer procedure not found in C:\WINDOWS\system32\digiwet.dll
      C:\WINDOWS\system32\digiwet.dll NOT unregistered.
      C:\WINDOWS\system32\digiwet.dll moved successfully.
      File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
      Folder move failed. C:\info.exe scheduled to be moved on reboot.
      C:\bdtmp\tmp moved successfully.
      C:\bdtmp moved successfully.
      C:\Program Files\Prg Chris\Anti-Autorun.inf moved successfully.
      C:\Program Files\Prg Chris moved successfully.
      C:\WINDOWS\system32\173DE6 moved successfully.
      C:\WINDOWS\system32\46EF1A moved successfully.
      C:\WINDOWS\system32\4E4CCC moved successfully.
      C:\curr_ver.tmp moved successfully.
      ========== REGISTRY ==========
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FFE17D not found.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully!
      ========== COMMANDS ==========
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
      Local Service Temp folder emptied.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_225058

      Files moved on Reboot...
      File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
      Folder move failed. C:\info.exe scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
      File C:\WINDOWS\temp\Perflib_Perfdata_794.dat not found!
      File C:\WINDOWS\temp\sqlite_HBH8vdwgpW9RemE not found!
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désinstalle J2SE Runtime Environment 5.0 Update 4.

    ---> Mets à jour Java.

    ---> Mets à jour Adobe Reader.

    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
    1. CK9
       
      Hé bien c'est précis tout ça ! :)
      Je vais me coucher, je te souhaite une bonne nuit (et merci encore).

      Voilà le rapport de Malwarebyte (il a supprimé beaucoup de choses ...) :




      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2155
      Windows 5.1.2600 Service Pack 2

      20/05/2009 00:12:44
      mbam-log-2009-05-20 (00-12-44).txt

      Type de recherche: Examen rapide
      Eléments examinés: 79016
      Temps écoulé: 4 minute(s), 11 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 90
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonne nuit ;)

    ---> Refais un scan RSIT et poste le rapport log.
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Fais analyser ce fichier : C:\WINDOWS\system32\1054p.exe

    --> Sur VirusTotal et poste le lien de l'analyse.
    0
    1. CK9
       
      Je ne trouve pas cet exécutable, ni même en faisant une recherche qui inclut les dossiers et fichiers cachés !
      0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    LiveUpdateLmHosts

    :files
    C:\WINDOWS\system32\1054p.exe
    C:\info.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]

    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
    1. CK9
       
      Hop, voilà :


      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== SERVICES/DRIVERS ==========

      Service\Driver LiveUpdateLmHosts deleted successfully.
      ========== FILES ==========
      File move failed. C:\WINDOWS\system32\1054p.exe scheduled to be moved on reboot.
      Folder move failed. C:\info.exe scheduled to be moved on reboot.
      ========== COMMANDS ==========
      File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat scheduled to be deleted on reboot.
      File delete failed. D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
      Local Service Temp folder emptied.
      File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_360.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_000359

      Files moved on Reboot...
      C:\WINDOWS\system32\1054p.exe moved successfully.
      Folder move failed. C:\info.exe scheduled to be moved on reboot.
      File D:\DOCUME~1\Oliv\LOCALS~1\Temp\Perflib_Perfdata_fec.dat not found!
      File D:\DOCUME~1\Oliv\LOCALS~1\Temp\~ROMFN_00000D54 not found!
      File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
      File C:\WINDOWS\temp\Perflib_Perfdata_360.dat not found!
      File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
      File C:\WINDOWS\temp\sqlite_lys6SikXiBdxnCo not found!
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_001_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_002_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_003_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\Cache\_CACHE_MAP_ moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\urlclassifier3.sqlite moved successfully.
      D:\Documents and Settings\Oliv\Local Settings\Application Data\Mozilla\Firefox\Profiles\12qej8dz.default\XUL.mfl moved successfully.
      0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Il faudrait que tu fasses la manip' en mode sans échec.
    0
    1. CK9
       
      Ok, je copie colle strictement la même chose ou il y a déjà des choses qui ont viré ?
      0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Oui, ce n'est pas grave.
    0
    1. CK9
       
      Ok chef, je fais ça demain, là je vais me coucher, bonne nuit et merci encore :) .
      0
    2. CK9
       
      Bonjour !

      Après un démarrage sans échec et avoir fait les manips décrites ci-dessus avec OTMoveIt3 (qui ont entrainé un redémarrage de l'ordinateur, en mode normal), voici le rapport que j'ai obtenu :

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== SERVICES/DRIVERS ==========
      Service\Driver LiveUpdateLmHosts not found.
      Service\Driver LiveUpdateLmHosts not found.
      ========== FILES ==========
      File/Folder C:\WINDOWS\system32\1054p.exe not found.
      Folder move failed. C:\info.exe scheduled to be moved on reboot.
      ========== COMMANDS ==========
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. D:\Documents and Settings\Oliv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      Windows Temp folder emptied.
      Java cache emptied.
      FireFox cache emptied.
      Temp folders emptied.

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_101612

      Files moved on Reboot...
      Folder move failed. C:\info.exe scheduled to be moved on reboot.




      Et au redémarrage, Norton s'est manifesté :

      Source : D:\_OTMoveIt\MovedFiles\05212009_000359\WINDOWS\system32\1054p.exe
      Catégorie de risque : Virus
      Impact global du risque : Elevé
      Cliquez pour plus d'informations sur ce risque : Downloader
      Action effectuée : Totalement supprimé
      0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    "C:\info.exe"

    ---> Tu vois ce fichier dans ton disque dur ?
    0
    1. CK9
       
      Non, même en affichant les dossiers et fichiers cachés !
      0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Refais un scan RSIT et poste le rapport log.
    0
    1. CK9
       
      Bonsoir ! :)

      Ça commence à dater je sais, désolé du temps de réponse, mais avec les partiels, j'ai pas eu trop le temps ! :x

      Voici donc le dernier rapport log RSIT :

      http://dl.free.fr/getfile.pl?file=/d8MaYNqB
      0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Mets à jour Malwarebytes' Anti-Malware puis fais un examen complet.
    0