Need help: travailler plus.com!!!
Closed
Luna59 - Posts: 1 - Registered: Thursday 21 May 2009 - Status: Member - Last activity: 21 May 2009 - 21 May 2009 at 18:35
crapoulou - Posts: 28160 - Registered: Wednesday 28 November 2007 - Status: Moderator, Security contributor - Last activity: 21 May 2024 - 24 May 2009 at 01:55
8 replies
crapoulou - Posts: 28160 - Registered: Wednesday 28 November 2007 - Status: Moderator, Security contributor - Last activity: 21 May 2024 - 21 May 2009 at 18:40
Hi,
Well, well, your PC is crawling with them!!!
You are infected by a worm that spreads through your computer via removable media (USB sticks, floppy disks, digital cameras, external hard drives, …)
Download and install UsbFix by C_XX & Chiquitine29:
= = = = >>> By clicking here <<< = = = =
Plug in the external data sources for your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them!
* Double-click the UsbFix shortcut on your desktop.
* Choose option 1 (Recherche / Search)
* Let the tool work.
* Then post the entire UsbFix.txt report that appears.
Notes:
- The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste on the forum).
- "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Luna rossa - Posts: 1 - Registered: Wednesday 20 May 2009 - Status: Member - Last activity: 21 May 2009 - 21 May 2009 at 20:50
Thank you Crapoulou for answering so quickly! Here is the report, and thank you for being patient with a novice:
############################## [ UsbFix V3.024 # Scan ]
# User : Administrateur (Administrateurs) # SERVEUR
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 22:33:08 | 21/05/2007
# Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1287 [VPS 081118-0] 4.8.1287 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 43,18 Go (36,23 Go free) # NTFS
# D:\ # Disque fixe local # 43,17 Go (42,7 Go free) # NTFS
# E:\ # Disque fixe local # 42,68 Go (41,13 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 962,07 Mo (719,53 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="Travaillez plus.com"
HKCU_Main: "Window Title"="Au travail !Arrˆtez de surfer!"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: Persistence=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: SysTrayApp=%ProgramFiles%\IDT\WDM\sttray.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\system32\antinul.vbe
Found ! C:\e2.cmd
Found ! C:\fbak.exe
Found ! C:\mt.bat
Found ! D:\boyedt.com
Found ! D:\e2.cmd
Found ! D:\eyt.exe
Found ! D:\fbak.exe
Found ! D:\hkn6k.bat
Found ! D:\icxpa.cmd
Found ! D:\mt.bat
Found ! D:\yb12j.cmd
Found ! D:\ymxf2.exe
Found ! D:\w.com
Found ! E:\boyedt.com
Found ! E:\e2.cmd
Found ! E:\eyt.exe
Found ! E:\fbak.exe
Found ! E:\hkn6k.bat
Found ! E:\icxpa.cmd
Found ! E:\mt.bat
Found ! E:\yb12j.cmd
Found ! E:\ymxf2.exe
Found ! E:\w.com
H:\autorun.inf # -> fichier appelé : "H:\wscript.exe antinul.vbe" ( absent ! )
Found ! H:\2u.com
Found ! H:\antinul.vbe
Found ! H:\explorer.exe
Found ! H:\hkn6k.bat
Found ! H:\icxpa.cmd
Found ! H:\mail.exe
Found ! H:\system32.exe
Found ! H:\p.exe
Found ! H:\autorun.inf
Found ! H:\zPharaoh.exe
Found ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
Found ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
################## [ Registre # Mountpoints2 ]
################## [ Informations ]
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.024 ! ]
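Added example (not part of the thread and not UsbFix code): a small Python triage of the report above that flags the tampering indicators visible in it, namely the extra command appended to the Winlogon Userinit value, the program named by autorun.inf, and the policy values whose Value differs from Good. The function and constant names are hypothetical, and it assumes a clean Userinit holds a single userinit.exe entry under \WINDOWS\system32.

```python
import re

# Lines excerpted from the UsbFix report posted above (not constructed).
SAMPLE_REPORT = r'''
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\autorun.inf # -> fichier appelé : "H:\wscript.exe antinul.vbe" ( absent ! )
Found ! H:\antinul.vbe
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
'''

# Winlogon Userinit line as the report prints it (backslashes doubled).
USERINIT_RE = re.compile(r'^HKLM_logon:\s*"Userinit"="(.*)"\s*$')
# Assumption: the only legitimate entry is userinit.exe with no arguments.
DEFAULT_USERINIT = re.compile(
    r'^[A-Za-z]:\\windows\\system32\\userinit\.exe$', re.IGNORECASE)
# "X:\autorun.inf # -> ... "command"" line naming what the drive would launch.
AUTORUN_RE = re.compile(r'^([A-Z]):\\autorun\.inf\s*#\s*->.*?"(.*?)"')
# "Found ! <registry key>\\ "<value name>"" line, followed by a Value/Good line.
POLICY_RE = re.compile(r'^Found !\s+(HK[^"]*?)\\\\\s*"([^"]+)"\s*$')
VALUE_RE = re.compile(
    r'Value\s*=\s*(0x[0-9a-fA-F]+)\s*\|\s*Good\s*=\s*(0x[0-9a-fA-F]+)')


def triage(report):
    """Return (kind, detail) tuples for each indicator found in the report."""
    findings = []
    lines = [ln.strip() for ln in report.splitlines()]
    for i, line in enumerate(lines):
        m = USERINIT_RE.match(line)
        if m:
            # Userinit is a comma-separated list; everything in it runs at logon.
            value = m.group(1).replace('\\\\', '\\')
            for entry in value.split(','):
                entry = entry.strip()
                if entry and not DEFAULT_USERINIT.match(entry):
                    findings.append(('userinit-extra-command', entry))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # The command autorun.inf asks the shell to start for that drive.
            findings.append(('autorun-target', m.group(2)))
            continue
        m = POLICY_RE.match(line)
        if m and i + 1 < len(lines):
            v = VALUE_RE.search(lines[i + 1])
            # Report only values that differ from the tool's stated good value.
            if v and int(v.group(1), 16) != int(v.group(2), 16):
                findings.append(
                    ('policy-override', m.group(1) + '\\' + m.group(2)))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_REPORT):
        print(f'{kind:24} {detail}')
```
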
crapoulou - Posts: 28160 - Registered: Wednesday 28 November 2007 - Status: Moderator, Security contributor - Last activity: 21 May 2024 - 21 May 2009 at 21:09
Wow!
Now that's an infection!! ;-).
Cleaning with UsbFix:
Plug in the external data sources for your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them!
* Double-click the UsbFix shortcut on your desktop.
* Choose option 2 (Suppression / Removal)
* Your desktop will disappear and the PC will restart.
* On restart, UsbFix will scan your PC. Let the tool work.
* Then post the entire UsbFix.txt report that appears along with the desktop.
Note:
The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
Why, you are Providence itself, Crapoulou, and sorry to give you so much work. I did what you said and here is the new report:
############################## [ UsbFix V3.024 # Cleaning ]
# User : Administrateur (Administrateurs) # SERVEUR
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 23:31:43 | 21/05/2007
# Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1287 [VPS 081118-0] 4.8.1287 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 43,18 Go (36,23 Go free) # NTFS
# D:\ # Disque fixe local # 43,17 Go (42,7 Go free) # NTFS
# E:\ # Disque fixe local # 42,68 Go (41,13 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 962,07 Mo (719,53 Mo free) # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\system32\antinul.vbe
Deleted ! C:\e2.cmd
Deleted ! C:\fbak.exe
Deleted ! C:\mt.bat
Deleted ! D:\boyedt.com
Deleted ! D:\e2.cmd
Deleted ! D:\eyt.exe
Deleted ! D:\fbak.exe
Deleted ! D:\hkn6k.bat
Deleted ! D:\icxpa.cmd
Deleted ! D:\mt.bat
Deleted ! D:\yb12j.cmd
Deleted ! D:\ymxf2.exe
Deleted ! D:\w.com
Deleted ! E:\boyedt.com
Deleted ! E:\e2.cmd
Deleted ! E:\eyt.exe
Deleted ! E:\fbak.exe
Deleted ! E:\hkn6k.bat
Deleted ! E:\icxpa.cmd
Deleted ! E:\mt.bat
Deleted ! E:\yb12j.cmd
Deleted ! E:\ymxf2.exe
Deleted ! E:\w.com
H:\autorun.inf # -> fichier appelé : "H:\wscript.exe antinul.vbe" ( absent ! )
Deleted ! H:\2u.com
Deleted ! H:\antinul.vbe
Deleted ! H:\explorer.exe
Deleted ! H:\hkn6k.bat
Deleted ! H:\icxpa.cmd
Deleted ! H:\mail.exe
Deleted ! H:\system32.exe
Deleted ! H:\p.exe
Deleted ! H:\autorun.inf
Deleted ! H:\zPharaoh.exe
Deleted ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
Deleted ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
################## [ Listing des fichiers présent ]
[14/11/2008 17:57|--a------|0] - C:\AUTOEXEC.BAT
[14/11/2008 17:53|---hs----|212] - C:\boot.ini
[28/09/2001 15:00|-rahs----|4952] - C:\Bootfont.bin
[14/11/2008 17:57|--a------|0] - C:\CONFIG.SYS
[29/01/2009 19:56|--a------|1046] - C:\DEVOIR.WAV.aup
[29/01/2009 19:50|--a------|1044] - C:\DEVOIR.WAV.aup.bak
[30/04/2007 12:52|--a------|7626192] - C:\Firefox Setup 3.0.10.exe
[04/05/2007 22:10|--a------|14771744] - C:\IE7-WindowsXP-x86-fra.exe
[14/11/2008 17:57|-rahs----|0] - C:\IO.SYS
[06/05/2007 00:15|--a------|25498137] - C:\larousse_pages_roses_ocr.pdf
[14/11/2008 17:57|-rahs----|0] - C:\MSDOS.SYS
[03/08/2004 23:38|-rahs----|47564] - C:\NTDETECT.COM
[03/08/2004 23:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[06/05/2007 16:14|-r-hs----|107389] - C:\rbj9jn1n.bat
[29/01/2009 19:58|--a------|1053] - C:\SABER. DEVOIR.WAV.aup
[29/01/2009 19:59|--a------|1052] - C:\SABER.DEVOIR.WAV.aup
[21/05/2007 23:33|--a------|9377] - C:\UsbFix.txt
[05/05/2007 23:51|--a------|1161576] - C:\wlsetup-custom.exe
[20/05/2007 22:43|-r-hs----|105236] - C:\xh319r9b.bat
[01/04/2007 18:58|--a------|1440054] - D:\7 b 1g1.bmp
[23/01/2009 17:07|--a------|4362752] - D:\Anouar Brahem - Parfum De Gitane.mp3
[21/02/2009 13:16|--a------|1440054] - D:\drapeau.bmp
[14/01/2009 17:48|--a------|1010233] - D:\exercice1.mp3
[24/02/2009 17:25|--a------|9728] - D:\hassen bouselmi 8b6.ppt
[11/05/2007 22:29|-r-hs----|107662] - D:\lc.exe
[30/01/2009 10:33|--a------|19968] - D:\Les petits ruisseaux Font les grandes rivieres.doc
[27/02/2007 12:38|--a------|27648] - D:\Meriam ben yahya.doc
[05/05/2007 16:25|-r-hs----|106919] - D:\nu.cmd
[06/05/2007 16:14|-r-hs----|107389] - D:\rbj9jn1n.bat
[11/03/2007 19:59|--a------|1440054] - D:\Sans titre 1.bmp
[20/05/2007 22:43|-r-hs----|105236] - D:\xh319r9b.bat
[11/05/2007 22:29|-r-hs----|107662] - E:\lc.exe
[05/05/2007 16:25|-r-hs----|106919] - E:\nu.cmd
[10/04/2007 13:58|--a------|74752] - E:\oussama.doc
[06/05/2007 16:14|-r-hs----|107389] - E:\rbj9jn1n.bat
[20/05/2007 22:43|-r-hs----|105236] - E:\xh319r9b.bat
[11/05/2007 22:29|-r-hs----|107662] - H:\lc.exe
[06/05/2007 10:08|-r-hs----|107389] - H:\rbj9jn1n.bat
[10/05/2009 20:37|--a------|27648] - H:\1.doc
[12/05/2009 09:33|--a------|22682] - H:\Agir en ‚quipe1.docx
[12/05/2009 10:17|--a------|110080] - H:\ecole_pn.doc
[10/05/2009 20:35|--a------|27648] - H:\doc_1_aide_a_l_analyse_situation_difficile_en_classe.doc
[11/05/2007 23:16|--a------|34933] - H:\syst‚mique et communication.docx
[10/05/2009 20:36|--a------|27648] - H:\doc_1_aide_a_l_analyse_situation_difficile.doc
[11/05/2007 23:18|--a------|28540] - H:\Equipe-‚tapes et modalit‚s.docx
[11/05/2007 23:10|--a------|26902] - H:\Probl‚matique g‚n‚rale-de quoi parle-t-on.docx
[11/05/2007 23:11|--a------|22842] - H:\Probl‚matique g‚n‚rale-organiser les r‚ponses....docx
[11/05/2007 23:19|--a------|26486] - H:\L'enfant-l'‚lŠve-causes de la violence.docx
[11/05/2007 23:21|--a------|27312] - H:\L'enfant-l'‚lŠve-comment g‚rer.docx
[11/05/2007 23:22|--a------|31586] - H:\Agir dans la classe.docx
[11/05/2007 23:23|--a------|25691] - H:\am‚nager le temps et l'espace.docx
[11/05/2007 23:24|--a------|24315] - H:\cr‚er un sentiment d'appartenance.docx
[11/05/2007 23:25|--a------|25987] - H:\cr‚er un cadre rassurant.docx
[13/10/2008 16:13|--a------|533871] - H:\Nawel_Fichiers.exe
[11/05/2007 23:26|--a------|31970] - H:\renvoyer une image positive.docx
[11/05/2007 23:27|--a------|21476] - H:\Agir en ‚quipe-conseils pour.docx
[11/05/2007 23:28|--a------|28269] - H:\Agir en ‚quipe-que faire.docx
[11/05/2007 23:30|--a------|25711] - H:\Agir avec des partenaires-mobiliser ts les parten.docx
[11/05/2007 23:31|--a------|17454] - H:\agir en partenaires-Services et structures.docx
[11/05/2007 23:32|--a------|35937] - H:\Agir avec la famille-coop.docx
[11/05/2007 23:34|--a------|28922] - H:\Agir avec la famille-rencontrer.docx
[11/05/2007 23:37|--a------|9965] - H:\adresse site-comportements … problŠmes.docx
[12/05/2009 09:34|--a------|113928] - H:\DIFFICULT2S COMPORTEMENTALES.docx
[25/04/2009 17:10|--a------|534383] - H:\collŠge beni khiar_Fichiers.exe
[25/02/2007 12:06|-rahs----|122880] - H:\mail.dll
[25/02/2007 12:06|-rahs----|2174] - H:\mail.lib
[12/05/2009 08:29|--a------|155001] - H:\ecole_pn.doc .exe
[15/05/2009 17:51|--a------|155001] - H:\1.doc .exe
[12/05/2009 08:32|--a------|155001] - H:\doc_1_aide_a_l_analyse_situation_difficile_en_classe.doc .exe
[12/05/2009 09:23|--a------|155543] - H:\doc_1_aide_a_l_analyse_situation_difficile.doc .exe
[27/04/2009 00:14|--a------|2416549] - H:\?????? copy.jpg
[27/04/2009 00:29|--a------|1837722] - H:\????? ??????? ??? ????.jpg
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Informations ]
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.024 ! ]
crapoulou (Moderator, Security contributor), 21 May 2009 at 22:18
Good, but there is still work to do!!
Is this yours?
D:\7 b 1g1.bmp
E:\oussama.doc
********
Show hidden files and folders as well as system files:
- My Documents
- Tools
- Folder Options
- "View" tab
- Tick "Show hidden files and folders"
- Untick "Hide protected operating system files (Recommended)"
******
Analyse these files:
H:\mail.dll
H:\1.doc
H:\1.doc .exe
H:\????? ??????? ??? ????.jpg
H:\?????? copy.jpg
On the VirusTotal site:
https://www.virustotal.com/gui/
Browse > select your file > Analyze, then wait until the analysis has finished.
Be sure to post the reports, telling me for each report you send the name of the file concerned!
(If VirusTotal says the file has already been analysed, click the "Re-analyse the file now" button.)
*********
Download Random's System Information Tool (RSIT) by random/random and save the executable to the Desktop.
= = = = >>> By clicking here <<< = = = =
* Double-click RSIT.exe to launch it.
* A first window opens; click Continue (Disclaimer).
* If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.
* When the analysis is finished, two text files will open (probably in Notepad).
* Post the contents of log.txt.
I don't know what these are:
D:\7 b 1g1.bmp
E:\oussama.doc
H:\mail.dll
I am the headmistress of a middle school, with a literary background, and I know next to nothing about computers! But I carefully do what I am told. Tell me, though: what is it, actually?
Here is the first report to begin with:
info.txt logfile of random's system information tool 1.06 2007-05-22 00:44:09
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x40c -remove -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetSupport School-->C:\PROGRA~1\NETSUP~1\remove.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
SetIP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C206015D-DAC5-407C-A54B-6D7776A0881C}\Setup.exe" -l0x40c
SyncThru Web Admin Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41F630B6-3A1C-40E0-8AD6-83C39C5B99E3}\Setup.exe" -l0x40c uninstall
UsbFix-->C:\UsbFix\Uninstal.exe
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
======Security center information======
AV: avast! antivirus 4.8.1287 [VPS 081118-0]
======System event log======
Computer Name: SERVEUR
Event Code: 17
Message: Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de
l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau
la recherche DNS dans 15 minutes.
L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751)
Record Number: 3753
Source Name: W32Time
Time Written: 20090114164117.000000+060
Event Type: erreur
User:
Computer Name: SERVEUR
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{E04CC5FC-DE01-455F-AB3E-367550B3FE75} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 3752
Source Name: Tcpip
Time Written: 20090114164114.000000+060
Event Type: Informations
User:
Computer Name: SERVEUR
Event Code: 7036
Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution.
Record Number: 3751
Source Name: Service Control Manager
Time Written: 20090114164113.000000+060
Event Type: Informations
User:
Computer Name: SERVEUR
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL.
Record Number: 3750
Source Name: Service Control Manager
Time Written: 20090114164113.000000+060
Event Type: Informations
User: AUTORITE NT\SERVICE LOCAL
Computer Name: SERVEUR
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.
Record Number: 3749
Source Name: Service Control Manager
Time Written: 20090114164113.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20081114165503.000000+060
Event Type: Informations
User:
Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 4
Source Name: LoadPerf
Time Written: 20081114165500.000000+060
Event Type: Informations
User:
Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 3
Source Name: LoadPerf
Time Written: 20081114165416.000000+060
Event Type: Informations
User:
Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 2
Source Name: LoadPerf
Time Written: 20081114165353.000000+060
Event Type: Informations
User:
Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.
Record Number: 1
Source Name: LoadPerf
Time Written: 20081114165352.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
and here is the second one:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2007-05-22 00:44:06
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 38 GB (86%) free of 44 GB
Total RAM: 1023 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:07, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECE9D21-3105-4C5E-9206-D451E1B35284}: NameServer = 193.95.66.10,193.95.67.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E04CC5FC-DE01-455F-AB3E-367550B3FE75}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6ECE9D21-3105-4C5E-9206-D451E1B35284}: NameServer = 193.95.66.10,193.95.67.22
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
D:\7 b 1g1.bmp
E:\oussama.doc
H:\mail.dll
I am the headmistress of a middle school, with a background in literature, and I know almost nothing about computers! But I do what I'm told diligently. Tell me, though: what is it, actually?
Here is the first report to start with:
crapoulou
Moderator, Security contributor
21 May 2009 at 23:22
Can you analyze the files as requested here:
http://www.commentcamarche.net/forum/affich 12551906 besoin d assistance travailler plus com?#5
(I had edited my message.)
Meanwhile, I am preparing a big procedure.
As well as these files:
H:\ecole_pn.doc.exe
H:\doc_1_aide_a_l_analyse_situation_difficile_en_classe.doc.exe
H:\doc_1_aide_a_l_analyse_situation_difficile.doc.exe
Thanks.
Couldn't make progress because: impossible to display the folder options "due to restrictions ... contact the computer's administrator", so while waiting for the employees to return to the office on Monday, I have to be patient and keep you waiting!!!
Have a good weekend and see you soon
crapoulou
Moderator, Security contributor
24 May 2009 at 01:55
Ok, have a good Sunday.
Crapoulou.