Problem with autochk.dll

Solved/Closed
Charlotte - 5 Sept. 2009 at 14:08
Charlotte - 5 Sept. 2009 at 18:23
Hello,

I think I have a virus on one of my computers. The web browsers are behaving strangely, systematically redirecting to porn sites or to eBay.
I ran a scan with Antivir, which detected trojans and viruses. I quarantined everything. But now, at startup, there is a problem with autochk.dll, which is "not a valid system file". And Mozilla and IE still don't work normally....

I ran HijackThis, and according to http://www.hijackthis.de/fr there is a problem with autochk.dll
I don't really understand what is going on... So I'm asking for your help to explain what to do.

Thanks in advance.

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:08, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documents\HiJackThis.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Papa] C:\Documents and Settings\Papa\Papa.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Papa\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Google Update (gupdate1ca16a97c6ee26a) (gupdate1ca16a97c6ee26a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
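An added example, not part of the thread and not HijackThis's own logic: a small triage script over O4/O10 lines of the kind shown in the log above. The sample lines are constructed (they mirror the thread's patterns: rundll32 loading a .dll with the _IWMPEvents@16 export from system32 and from a user profile under the same [autochk] value name in two hives, plus a Winsock LSP HijackThis cannot attribute). The KNOWN_EXE_STEMS set and the path markers are illustrative heuristics chosen for this example, not a published rule set.

```python
import re

# Constructed sample lines in HijackThis v2 format (not copied from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Papa] C:\Documents and Settings\Papa\Papa.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Papa\protect.dll,_IWMPEvents@16
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<entry>\S+)', re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")  # HKUS lines carry a "(User '...')" tail

# Per-user and temp paths are where droppers usually write; autostarts there get a look.
USER_PATH_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "%userprofile%", "\\temp\\")
# Illustrative set (an assumption of this example) of Windows file names that ship as .exe;
# a .dll with one of these names being loaded through rundll32 is a name collision to check.
KNOWN_EXE_STEMS = {"autochk", "smss", "csrss", "winlogon", "lsass", "services"}


def check_o4_command(cmd):
    """Return the reasons an O4 Run command looks suspicious (empty list if none)."""
    reasons = []
    if any(marker in cmd.lower() for marker in USER_PATH_MARKERS):
        reasons.append("autostart runs from a user profile or temp directory")
    m = RUNDLL_RE.match(cmd.strip())
    if m:
        dll = m.group("dll").strip().strip('"')
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stem, _, ext = basename.rpartition(".")
        if ext == "dll" and stem in KNOWN_EXE_STEMS:
            reasons.append(f"rundll32 loads {basename}, but Windows ships {stem}.exe, not a DLL of that name")
    return reasons


def triage(log_text):
    """Scan HijackThis lines; return [(line, [reasons])] for the entries to review."""
    findings = []
    by_name = {}  # Run value name -> list of (hive, normalised command)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            by_name.setdefault(m.group("name").lower(), []).append((m.group("hive"), cmd.lower()))
            reasons = check_o4_command(cmd)
            if reasons:
                findings.append((line, reasons))
            continue
        if O10_RE.match(line):
            findings.append((line, ["Winsock LSP that HijackThis cannot attribute; an LSP sees all socket traffic"]))
    # One value name pointing at different commands in different hives (the
    # [autochk] pair in the thread) is a pattern worth flagging on its own.
    for name, entries in by_name.items():
        if len(entries) > 1 and len({cmd for _, cmd in entries}) > 1:
            hives = ", ".join(hive for hive, _ in entries)
            findings.append((f"[{name}] in {hives}", ["same Run value name with different commands across hives"]))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the constructed sample, the script flags the two rundll32 autostarts, the per-user Papa.exe, the LSP line and the cross-hive [autochk] duplicate, while the Java updater and the ctfmon entries (identical command in HKCU and HKUS once the user suffix is stripped) pass without comment.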

16 replies

Anonymous user
5 Sept. 2009 at 16:41
• Download Malwarebytes

• Install it; the program will update itself automatically.

• Once updated, the program will launch.

• Click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

• Now click on the Scan tab and tick the box: "Perform quick scan".

• Then click on "Scan".

• Let it scan the PC...

• If items were found > click on "Remove Selected".

• If you are asked to reboot > click on "yes".

• At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

• Copy and paste the report please.

1
I finally managed to get the OTM report, here it is...


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named rundll32.exe was found!
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\autochk.dll
C:\WINDOWS\system32\autochk.dll NOT unregistered.
C:\WINDOWS\system32\autochk.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\Papa\protect.dll
C:\Documents and Settings\Papa\protect.dll NOT unregistered.
C:\Documents and Settings\Papa\protect.dll moved successfully.
File/Folder C:\WINDOWS\Temp\nsrbgxod.bak not found.
File/Folder C:\Windows\system32\config\SYSTEM~1\protect.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Papa not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"autochk"|- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autochk deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2699677a-b80d-11dd-b0b2-0060b34ae8bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2699677a-b80d-11dd-b0b2-0060b34ae8bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ben le zobé
->Temp folder emptied: 842710909 bytes
->Temporary Internet Files folder emptied: 52324179 bytes
->Java cache emptied: 386488 bytes
->FireFox cache emptied: 98524976 bytes
->Google Chrome cache emptied: 6416879 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Maman

User: Margot
->Temp folder emptied: 282717942 bytes
->Temporary Internet Files folder emptied: 86517785 bytes
->Java cache emptied: 333776 bytes
->FireFox cache emptied: 92293469 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33237 bytes

User: Papa
->Temp folder emptied: 67697670 bytes
->Temporary Internet Files folder emptied: 38806501 bytes
->Java cache emptied: 288028 bytes
->FireFox cache emptied: 108754034 bytes

C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\US folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\TH folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\TC folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\Source folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\SE folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\SC folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\NO folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\NL folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\LS folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\KR folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\JP folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\IT folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\GR folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\FR folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\FI folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\DK folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp\BP folder deleted successfully.
C:\fsc.tmp\driver\touchpad\1004068_synaptics_8_1_9_0_wxp folder deleted successfully.
C:\fsc.tmp\driver\touchpad folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp\WinNT4 folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp\Win95 folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp\WDM folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp\Source folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp\CONFIG folder deleted successfully.
C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5820_wxp folder deleted successfully.
C:\fsc.tmp\driver\sound folder deleted successfully.
C:\fsc.tmp\driver\processor\athlon64_processor_fsc.tmp\driver_v1_1_0_18_wxp\Source folder deleted successfully.
C:\fsc.tmp\driver\processor\athlon64_processor_fsc.tmp\driver_v1_1_0_18_wxp folder deleted successfully.
C:\fsc.tmp\driver\processor\athlon64_processor_fsc.tmp folder deleted successfully.
C:\fsc.tmp\driver\processor folder deleted successfully.
C:\fsc.tmp\driver\pcmcia\ti_cardreader_v1_0_2_1_wxp\Windows\tiinst folder deleted successfully.
C:\fsc.tmp\driver\pcmcia\ti_cardreader_v1_0_2_1_wxp\Windows folder deleted successfully.
C:\fsc.tmp\driver\pcmcia\ti_cardreader_v1_0_2_1_wxp\Source folder deleted successfully.
C:\fsc.tmp\driver\pcmcia\ti_cardreader_v1_0_2_1_wxp folder deleted successfully.
C:\fsc.tmp\driver\pcmcia folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\SW1 folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\Source folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\SBDrv\SMBUS folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\SBDrv folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\Driver\2KXP_INF\B_22408 folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\Driver\2KXP_INF folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\Driver folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\CPanel folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\CP1 folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp\BIN folder deleted successfully.
C:\fsc.tmp\driver\display\ati_display_radeon_x200_v6_14_10_6525_wxp folder deleted successfully.
C:\fsc.tmp\driver\display folder deleted successfully.
C:\fsc.tmp\driver folder deleted successfully.
C:\fsc.tmp folder deleted successfully.
%systemdrive% .tmp files removed: 160922001 bytes
%systemroot% .tmp files removed: 2175761 bytes
%systemroot%\System32 .tmp files removed: 3590656 bytes
Windows Temp folder emptied: 78762742 bytes
RecycleBin emptied: 826635921 bytes

Total Files Cleaned = -1473,32 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09052009_164102

Files moved on Reboot...

Registry entries deleted on Reboot...
1
Anonymous user
5 Sept. 2009 at 16:55
run Malwarebytes now
1
It looks like everything is back in order... God save the geeks!!! Seriously, thanks a lot, and all the best.
1

Anonymous user
5 Sept. 2009 at 17:02
I strongly advise you to run Malwarebytes, but you're the boss

++
1
I looked at the Antivir scan reports again; the malware is a trojan: tr/spy.gen
Apparently there is also a problem with protect.dll...
0
Anonymous user
5 Sept. 2009 at 15:12
Hi Charlotte,

▶ Download random's system information tool (RSIT) and save it to the Desktop.

• Double-click RSIT.exe to launch RSIT.

• Read the Disclaimer screen, then click Continue (if you accept the terms).

• If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

• When the scan is finished, two text files will open.

• Post the contents of log.txt.

• Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0
There you go... But I had already run HijackThis; I don't really see the difference between the two...


Logfile of random's system information tool 1.06 (written by random/random)
Run by Papa at 2009-09-05 15:21:21
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 22 GB (39%) free of 57 GB
Total RAM: 382 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:39, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documents\HiJackThis.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Fichiers communs\ParetoLogic\PLAS\plasservice.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Documents and Settings\All Users\Documents\RSIT.exe
C:\Documents and Settings\All Users\Documents\Papa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Papa] C:\Documents and Settings\Papa\Papa.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Papa\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Google Update (gupdate1ca16a97c6ee26a) (gupdate1ca16a97c6ee26a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Fichiers communs\ParetoLogic\PLAS\plasservice.exe
0
Anonymous user
5 Sept. 2009 at 15:28
• Download and install UsbFix Server1 Server2

(!) Connect to your PC any external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 (Scan)

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
Ok ok, it's in progress, but there is another thing. The link you gave me shows up like this on my end http://podmena-vidachi.com/?do=rphp&sub=350&b=8125116149&q=http://pagesperso-orange.fr/NosTools/usbfix.html&orig=http%3A//pagesperso-orange.fr/NosTools/usbfix.html

I suppose that's not how you wrote it. But that thing, podmena vidachi, is where all the web pages I try to open get redirected to...
0
OK, so it's your own program.
I think it's the same problem as this person
https://forums.commentcamarche.net/forum/affich-14256999-virus-podmena-vidachi

I'm waiting for the usbfix log... Knowing that the only peripheral is the wifi dongle.
0
And here it is!
############################## | UsbFix V6.025 |

User : Papa (Administrateurs) # ORDI
Update on 04/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:41:36 | 05/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Mobile AMD Sempron(tm) Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

C:\ -> Disque fixe local # 55,88 Go (21,9 Go free) # NTFS
D:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documents\HiJackThis.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Fichiers communs\ParetoLogic\PLAS\plasservice.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\WINDOWS\Temp\nsrbgxod.bak

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Papa"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{2699677a-b80d-11dd-b0b2-0060b34ae8bf}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cLIEnT.exE

HKCU\..\..\Explorer\MountPoints2\{7898e57a-d994-11dd-b16c-0060b34ae8bf}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

################## | ! Fin du rapport # UsbFix V6.025 ! |
0
Anonymous user
5 Sept. 2009 at 16:06
▶ Download OTM by OldTimer to your Desktop.

• Double-click OTM.exe to launch it.

• Copy (Ctrl+C) the following text below:



:processes
explorer.exe
rundll32.exe

:files
C:\WINDOWS\system32\autochk.dll
%userprofile%\protect.dll
C:\WINDOWS\Temp\nsrbgxod.bak
C:\Windows\system32\config\SYSTEM~1\protect.dll

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Papa"=-
"autochk"=
-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2699677a-b80d-11dd-b0b2-0060b34ae8bf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

:commands
[emptytemp]
[reboot]



• Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

• Now click the MoveIt! button, then close OTM.

▶ If a file or folder cannot be deleted immediately, the program will ask you to reboot.
▶ Accept by clicking YES.

Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log


0
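An added example, not OTM's own code and not from the thread's helper: a dry-run parser for the OTM script format above, so a script can be checked before it is pasted into MoveIt!. The grammar is reconstructed from the script as posted (sections start with `:name`; under `:reg`, `[KEY]` selects a key, `"name"=-` deletes a value and `[-KEY]` deletes a key, following .reg-file conventions); treating any other `"name"=data` line as a value write is an assumption of this example. The embedded script is an abridged copy of the one in this post, kept with the `"autochk"=` / `-` line split so the parser's warning is visible. For comparison, the OTM log posted earlier in the thread reports the HKCU `autochk` entry as "value set successfully" while the HKLM one is "deleted successfully".

```python
import re

# Abridged copy of the script posted in the thread; the two-line
# "autochk"= / - split is kept on purpose so the parser's warning can be seen.
SCRIPT = r"""
:processes
explorer.exe
rundll32.exe

:files
C:\WINDOWS\system32\autochk.dll
%userprofile%\protect.dll

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Papa"=-
"autochk"=
-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2699677a-b80d-11dd-b0b2-0060b34ae8bf}]

:commands
[emptytemp]
[reboot]
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')


def parse_otm(script):
    """Turn an OTM script into (actions, warnings) without touching the system.

    Grammar assumed here (reconstructed from the thread's script, .reg-style):
      :section        starts a section (processes, files, reg, commands)
      [KEY]           selects a registry key for the value lines that follow
      [-KEY]          deletes the key
      "name"=-        deletes a value under the selected key
      "name"=data     writes a value (any data that is not exactly '-')
    """
    actions, warnings = [], []
    section, current_key = None, None
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line[1:].lower(), None
            continue
        if section == "processes":
            actions.append(("kill", line))
        elif section == "files":
            actions.append(("move", line))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if m is None:
                    warnings.append(f"line {lineno}: stray text {line!r} in :reg is neither a key nor a value")
                elif current_key is None:
                    warnings.append(f"line {lineno}: value {line!r} appears before any [KEY]")
                elif m.group("data") == "-":
                    actions.append(("delete_value", current_key, m.group("name")))
                else:
                    if m.group("data") == "":
                        warnings.append(
                            f"line {lineno}: {m.group('name')!r}= has empty data: this WRITES the value, "
                            "it does not delete it (was '=-' split across two lines?)")
                    actions.append(("set_value", current_key, m.group("name"), m.group("data")))
        elif section == "commands":
            actions.append(("command", line.strip("[]").lower()))
        else:
            warnings.append(f"line {lineno}: {line!r} is outside any :section")
    return actions, warnings


if __name__ == "__main__":
    plan, problems = parse_otm(SCRIPT)
    for action in plan:
        print(action)
    for problem in problems:
        print("WARNING:", problem)
```

On the script as posted the parser produces ten actions and two warnings: the empty-data `"autochk"=` line is classified as a value write rather than a deletion, and the lone `-` on the next line is reported as stray text. Joining the two lines into `"autochk"=-` clears both warnings and turns the entry into the intended delete.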
Anonymous user
5 Sept. 2009 at 16:11
I edited the message because I had forgotten the link, sorry
0
GRRRR
OTM crashed 2 times in a row... No report...
0
OK
0