Virus x.bat + win32ssr.exe
lili
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
depuis 2 jours je ne peux plus connecter mon dde, ça me marque "il n'y a pas de disque dans le lecteur" et j'ai beau cliquer sur "annuler" "continuer" "recommencer" le message réapparait de suite.
Autre problème, au démarage avast me signale le virus x.bat et j'ai beau le supprimer, ça ne marche pas.
J'ai fait un scan ccleaner mais le problème persiste.
Si vous avez la solution ?
Merci d'avance.
depuis 2 jours je ne peux plus connecter mon dde, ça me marque "il n'y a pas de disque dans le lecteur" et j'ai beau cliquer sur "annuler" "continuer" "recommencer" le message réapparait de suite.
Autre problème, au démarage avast me signale le virus x.bat et j'ai beau le supprimer, ça ne marche pas.
J'ai fait un scan ccleaner mais le problème persiste.
Si vous avez la solution ?
Merci d'avance.
A voir également:
- Virus x.bat + win32ssr.exe
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Virus informatique - Guide
77 réponses
tu cliques droit sur le fichier , un bloc notes va ss ouvrir avec des infos , tu copie/colle les infos dans ta reponse suivante et tu le refermes
Windows Registry Editor Version 5.00
;Paramètres performance affichage
[HKEY_CURRENT_USER\Control Panel\Desktop]
"UserPreferencesMask"=hex:98,32,07,80
;Enlève l'icone Configurer les programmes par défaut du menu Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowSetProgramAccessAndDefaults"=dword:00000000
;Ne pas animer les fenêtres lors de leur réduction et de leur agrandissement
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
"MinAnimate"=dword:00000000
;Passe l'avertissement sur les fichiers téléchargés quand on l'éxécute
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
;Afficher les fichiers cachés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
;Conserve la connexion Internet active lors de changement de session
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"KeepRasConnections"="1"
;Désactiver la boite de dialogue de la protection des fichiers Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000004
;Désactive les raccourcis des options d'accessibilité
[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="506"
[HKEY_CURRENT_USER\Control Panel\Accessibility\Keyboard Response]
"Flags"="122"
[HKEY_CURRENT_USER\Control Panel\Accessibility\ToggleKeys]
"Flags"="58"
;Rend l'explorateur de windows plus stable
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001
;Ouvre les fenêtres des dossiers dans un processus différent
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SeparateProcess"=dword:00000001
;Supprime les 20% de bande passante réservable de Windows XP
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows\Psched]
"NonBestEffortLimit"=dword:00000000
;Maximisation du nombre de téléchargements Internet Explorer simultanés
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:0000000a
"MaxConnectionsPer1_0Server"=dword:0000000a
;Fermer les programmes plus rapidement en quittant Windows
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"WaitToKillAppTimeout"="4000"
"HungAppTimeout"="4000"
;Affichage des menus accelere
"MenuShowDelay"="0"
"SmoothScroll"=hex:00,00,00,00
;Onglet performances personnalisé
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]
"VisualFXSetting"=dword:00000003
"UserPreferencesMask"=hex:98,32,07,80
;Masquer automatiquement les icones inactives dans la barre de tâches
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=dword:00000001
;Gestion alimentation PC toujours actif
[HKEY_CURRENT_USER\Control Panel\PowerCfg]
"CurrentPowerPolicy"="2"
;Pouvoir coller des chaines de caractères dans la console
[HKEY_CURRENT_USER\Console]
"QuickEdit"=dword:00000001
;Désactivation de la souscription à Passport suite à l'installation de MSN Messenger
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
"RegistrationCompleted"=dword:00000001
;Activation du retour automatique à la ligne et la barre de statut dans Notepad
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
"StatusBar"=dword:00000001
;Réglage de la mémoire virtuelle à 320 Mo min et 1536 Mo Max
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management]
"PagingFiles"=hex(07):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,\
6c,00,65,00,2e,00,73,00,79,00,73,00,20,00,33,00,32,00,30,00,20,00,31,00,35,\
00,33,00,36,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"PagingFiles"=hex(07):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,\
6c,00,65,00,2e,00,73,00,79,00,73,00,20,00,33,00,32,00,30,00,20,00,31,00,35,\
00,33,00,36,00,00,00,00,00
;N'Affiche pas le menu documents récents dans Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowRecentDocs"=dword:00000000
;Désactivation de la visite guidée de Windows
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:0000000
;Désactive la prévention enbêtante à l'execution d'un fichier
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"HideZoneInfoOnProperties"=dword:00000001
;Désactive le nettoyage du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"NoRun"=dword:00000001
;Afficher les fichiers cachés
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
;Montrer l'extension des fichiers connus
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
;Activation du pavé numérique au chargement de Windows XP
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
;Plus d'avertissement très gênant sur les fichiers téléchargés.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;.mpc;.mp+;.wma;.ogg;.mp4;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jpeg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;.ani;.aob;.asf;.csv;.fla;.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw;.pct;.pict;.sct;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;.DOC;.XLS;.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;.IPTHEME;.MSSTYLES;.THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF;.CSV;.FLA;.PXR;.WMV;.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;.EPS;.JPE;.PCX;.PDP;.RAW;.PCT;.PICT;.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL"
;Remise en ordre dans le menu démarrer et les favoris
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2]
;Désactive le rapport d'erreur de Microsoft Office 2003
[HKEY_CURRENT_USER\Software\Microsoft\Office\Common]
"QMEnable"=dword:00000000
;Désactive DrWatson
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"IEWatsonDisabled"=dword:00000001
;Désactive le Debogueur de script d'Internet Explorer
;Défilement des pages dans Internet Explorer plus net
;Pour ne plus afficher les messages d'erreurs HTTP simplifiés
;Attribu Google en page de démarrage Internet Explorer
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"="yes"
"IEWatsonEnabled"=dword:00000000
"SmoothScroll"=dword:00000001
"Friendly http errors"="no"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.fr/toolbar/ie8/sidebar.html"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""="http://www.google.fr/keyword/%s"
;Permettre à media player de lire des dvd
[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings]
"EnableDVDUI"="yes"
;Désactiver le "raccourci vers"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
;Créer une catégorie Winrar au menu contextuel du clic droit
[HKEY_CURRENT_USER\SOFTWARE\WinRAR\Setup]
"ShellExt"=dword:00000001
"CascadedMenu"=dword:00000001
"MenuIcons"=dword:00000001
;Ne redémarre pas sur une erreur fatale
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl]
"AutoReboot"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
;Suppression de l'élément Aide et Support du menu Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowHelp"=dword:00000000
LE RAPPORT :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Universal Serial Bus device deleted successfully.
C:\WINDOWS\usb_magr.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} folder moved successfully.
File\Folder C:\WINDOWS\usb_magr.exe not found.
C:\WINDOWS\System32\mini.exe moved successfully.
C:\WINDOWS\System32\i moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 8911 bytes
->Temporary Internet Files folder emptied: 5084385 bytes
->Java cache emptied: 6425483 bytes
->FireFox cache emptied: 93171843 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99,87 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11202009_195756
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
;Paramètres performance affichage
[HKEY_CURRENT_USER\Control Panel\Desktop]
"UserPreferencesMask"=hex:98,32,07,80
;Enlève l'icone Configurer les programmes par défaut du menu Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowSetProgramAccessAndDefaults"=dword:00000000
;Ne pas animer les fenêtres lors de leur réduction et de leur agrandissement
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
"MinAnimate"=dword:00000000
;Passe l'avertissement sur les fichiers téléchargés quand on l'éxécute
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
;Afficher les fichiers cachés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
;Conserve la connexion Internet active lors de changement de session
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"KeepRasConnections"="1"
;Désactiver la boite de dialogue de la protection des fichiers Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000004
;Désactive les raccourcis des options d'accessibilité
[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="506"
[HKEY_CURRENT_USER\Control Panel\Accessibility\Keyboard Response]
"Flags"="122"
[HKEY_CURRENT_USER\Control Panel\Accessibility\ToggleKeys]
"Flags"="58"
;Rend l'explorateur de windows plus stable
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001
;Ouvre les fenêtres des dossiers dans un processus différent
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SeparateProcess"=dword:00000001
;Supprime les 20% de bande passante réservable de Windows XP
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows\Psched]
"NonBestEffortLimit"=dword:00000000
;Maximisation du nombre de téléchargements Internet Explorer simultanés
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:0000000a
"MaxConnectionsPer1_0Server"=dword:0000000a
;Fermer les programmes plus rapidement en quittant Windows
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"WaitToKillAppTimeout"="4000"
"HungAppTimeout"="4000"
;Affichage des menus accelere
"MenuShowDelay"="0"
"SmoothScroll"=hex:00,00,00,00
;Onglet performances personnalisé
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]
"VisualFXSetting"=dword:00000003
"UserPreferencesMask"=hex:98,32,07,80
;Masquer automatiquement les icones inactives dans la barre de tâches
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=dword:00000001
;Gestion alimentation PC toujours actif
[HKEY_CURRENT_USER\Control Panel\PowerCfg]
"CurrentPowerPolicy"="2"
;Pouvoir coller des chaines de caractères dans la console
[HKEY_CURRENT_USER\Console]
"QuickEdit"=dword:00000001
;Désactivation de la souscription à Passport suite à l'installation de MSN Messenger
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
"RegistrationCompleted"=dword:00000001
;Activation du retour automatique à la ligne et la barre de statut dans Notepad
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
"StatusBar"=dword:00000001
;Réglage de la mémoire virtuelle à 320 Mo min et 1536 Mo Max
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management]
"PagingFiles"=hex(07):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,\
6c,00,65,00,2e,00,73,00,79,00,73,00,20,00,33,00,32,00,30,00,20,00,31,00,35,\
00,33,00,36,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"PagingFiles"=hex(07):43,00,3a,00,5c,00,70,00,61,00,67,00,65,00,66,00,69,00,\
6c,00,65,00,2e,00,73,00,79,00,73,00,20,00,33,00,32,00,30,00,20,00,31,00,35,\
00,33,00,36,00,00,00,00,00
;N'Affiche pas le menu documents récents dans Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowRecentDocs"=dword:00000000
;Désactivation de la visite guidée de Windows
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:0000000
;Désactive la prévention enbêtante à l'execution d'un fichier
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"HideZoneInfoOnProperties"=dword:00000001
;Désactive le nettoyage du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"NoRun"=dword:00000001
;Afficher les fichiers cachés
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
;Montrer l'extension des fichiers connus
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
;Activation du pavé numérique au chargement de Windows XP
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
;Plus d'avertissement très gênant sur les fichiers téléchargés.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;.mpc;.mp+;.wma;.ogg;.mp4;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jpeg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;.ani;.aob;.asf;.csv;.fla;.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw;.pct;.pict;.sct;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;.DOC;.XLS;.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;.IPTHEME;.MSSTYLES;.THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF;.CSV;.FLA;.PXR;.WMV;.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;.EPS;.JPE;.PCX;.PDP;.RAW;.PCT;.PICT;.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL"
;Remise en ordre dans le menu démarrer et les favoris
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2]
;Désactive le rapport d'erreur de Microsoft Office 2003
[HKEY_CURRENT_USER\Software\Microsoft\Office\Common]
"QMEnable"=dword:00000000
;Désactive DrWatson
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"IEWatsonDisabled"=dword:00000001
;Désactive le Debogueur de script d'Internet Explorer
;Défilement des pages dans Internet Explorer plus net
;Pour ne plus afficher les messages d'erreurs HTTP simplifiés
;Attribu Google en page de démarrage Internet Explorer
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"="yes"
"IEWatsonEnabled"=dword:00000000
"SmoothScroll"=dword:00000001
"Friendly http errors"="no"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.fr/toolbar/ie8/sidebar.html"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""="http://www.google.fr/keyword/%s"
;Permettre à media player de lire des dvd
[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings]
"EnableDVDUI"="yes"
;Désactiver le "raccourci vers"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
;Créer une catégorie Winrar au menu contextuel du clic droit
[HKEY_CURRENT_USER\SOFTWARE\WinRAR\Setup]
"ShellExt"=dword:00000001
"CascadedMenu"=dword:00000001
"MenuIcons"=dword:00000001
;Ne redémarre pas sur une erreur fatale
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl]
"AutoReboot"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"AutoReboot"=dword:00000000
;Suppression de l'élément Aide et Support du menu Démarrer
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_ShowHelp"=dword:00000000
LE RAPPORT :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Universal Serial Bus device deleted successfully.
C:\WINDOWS\usb_magr.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} folder moved successfully.
File\Folder C:\WINDOWS\usb_magr.exe not found.
C:\WINDOWS\System32\mini.exe moved successfully.
C:\WINDOWS\System32\i moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 8911 bytes
->Temporary Internet Files folder emptied: 5084385 bytes
->Java cache emptied: 6425483 bytes
->FireFox cache emptied: 93171843 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99,87 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11202009_195756
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL.Txt : http://www.cijoint.fr/cjlink.php?file=cj200911/cij4ukQwRy.txt
Extras.Txt : http://www.cijoint.fr/cjlink.php?file=cj200911/cijL0bChq9.txt
Merci pour tout ce temps passé. Est-ce que vous pouvez m'expliquer en gros le problème qui se pose ?
Extras.Txt : http://www.cijoint.fr/cjlink.php?file=cj200911/cijL0bChq9.txt
Merci pour tout ce temps passé. Est-ce que vous pouvez m'expliquer en gros le problème qui se pose ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
OTL : http://www.cijoint.fr/cjlink.php?file=cj200911/cijRSNVUIX.txt
Extras : http://www.cijoint.fr/cjlink.php?file=cj200911/cijkBICLQQ.txt
Extras : http://www.cijoint.fr/cjlink.php?file=cj200911/cijkBICLQQ.txt
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
updatelive.exe
:OTL
O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\updatelive.exe ()
:files
C:\Users\samimi08\AppData\Local\ftljaig.exe_old
C:\WINDOWS\updatelive.exe
C:\WINDOWS\System32\15.scr
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
updatelive.exe
:OTL
O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\updatelive.exe ()
:files
C:\Users\samimi08\AppData\Local\ftljaig.exe_old
C:\WINDOWS\updatelive.exe
C:\WINDOWS\System32\15.scr
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
Bonjour,
après cette manip' au démarrage Antivir m'a signalé le virus WORM quelque chose.
Et sinon, tu peux m'expliquer alors ce qui se passe sur mon pc ?
Voici le rapport :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
No active process named updatelive.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup deleted successfully.
C:\WINDOWS\updatelive.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\samimi08\AppData\Local\ftljaig.exe_old not found.
File\Folder C:\WINDOWS\updatelive.exe not found.
C:\WINDOWS\System32\15.scr moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 1076 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91846053 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 107922 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 87,73 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11212009_132426
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
après cette manip' au démarrage Antivir m'a signalé le virus WORM quelque chose.
Et sinon, tu peux m'expliquer alors ce qui se passe sur mon pc ?
Voici le rapport :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
No active process named updatelive.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup deleted successfully.
C:\WINDOWS\updatelive.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\samimi08\AppData\Local\ftljaig.exe_old not found.
File\Folder C:\WINDOWS\updatelive.exe not found.
C:\WINDOWS\System32\15.scr moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 1076 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91846053 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 107922 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 87,73 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11212009_132426
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
et bien tu etais pas mal infectée mais nous avons apparement bien agi :)
remets MBAM a jour et fais un examen complet
remets MBAM a jour et fais un examen complet
Ok !
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3206
Windows 5.1.2600 Service Pack 2
21/11/2009 16:58:35
mbam-log-2009-11-21 (16-58-25).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 139138
Temps écoulé: 29 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\_OTL\MovedFiles\11212009_132426\C_WINDOWS\updatelive.exe (Worm.Kolab) -> No action taken.
C:\_OTL\MovedFiles\11212009_132426\C_WINDOWS\System32\15.scr (Worm.Kolab) -> No action taken.
Je n'ai pas fermé Malware au cas où, dis-moi si c'est ok ou si il faut que je fasse quelque chose.
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3206
Windows 5.1.2600 Service Pack 2
21/11/2009 16:58:35
mbam-log-2009-11-21 (16-58-25).txt
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 139138
Temps écoulé: 29 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\_OTL\MovedFiles\11212009_132426\C_WINDOWS\updatelive.exe (Worm.Kolab) -> No action taken.
C:\_OTL\MovedFiles\11212009_132426\C_WINDOWS\System32\15.scr (Worm.Kolab) -> No action taken.
Je n'ai pas fermé Malware au cas où, dis-moi si c'est ok ou si il faut que je fasse quelque chose.
Logfile of random's system information tool 1.06 (written by random/random)
Run by gilou at 2009-11-21 22:23:32
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (48%) free of 25 GB
Total RAM: 255 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:48, on 21/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gilou\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\gilou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Run by gilou at 2009-11-21 22:23:32
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (48%) free of 25 GB
Total RAM: 255 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:48, on 21/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gilou\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\gilou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
▶ Double clic sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\61.scr"=-
"C:\WINDOWS\System32\17.scr"=-
"C:\WINDOWS\System32\15.scr"=-
:Files
C:\WINDOWS\System32\??.scr
C:\WINDOWS\system32\drivers\BSvBT.exe
C:\WINDOWS\updatelive.exe
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\61.scr"=-
"C:\WINDOWS\System32\17.scr"=-
"C:\WINDOWS\System32\15.scr"=-
:Files
C:\WINDOWS\System32\??.scr
C:\WINDOWS\system32\drivers\BSvBT.exe
C:\WINDOWS\updatelive.exe
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur RunFix pour lancer la suppression.
▶ Poste le rapport.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\61.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\17.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\15.scr deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\??.scr not found.
File\Folder C:\WINDOWS\system32\drivers\BSvBT.exe not found.
File\Folder C:\WINDOWS\updatelive.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 561039 bytes
->Temporary Internet Files folder emptied: 3343575 bytes
->Java cache emptied: 6896961 bytes
->FireFox cache emptied: 58788195 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 66,40 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11212009_223650
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\61.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\17.scr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\15.scr deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\??.scr not found.
File\Folder C:\WINDOWS\system32\drivers\BSvBT.exe not found.
File\Folder C:\WINDOWS\updatelive.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gilou
->Temp folder emptied: 561039 bytes
->Temporary Internet Files folder emptied: 3343575 bytes
->Java cache emptied: 6896961 bytes
->FireFox cache emptied: 58788195 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 66,40 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11212009_223650
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
EDIT : Mon pc vient à l'instant de me signaler "C:\WINDOWS\system32\mini.exe Contient le modèle de détection du virus Windows W32/Virut.AT "
Bonjour, ok !
Depuis dimanche, aucune signalisation de virus au démarrage, pas non plus de message d'erreur par rapport au lecteur, je peux accéder à mon disque dur externe.
Tu veux que je refasse un scan pour vérifier ?
En tout cas, merci encore pour tout ce temps passé à m'aider. :)
Bonjour, ok !
Depuis dimanche, aucune signalisation de virus au démarrage, pas non plus de message d'erreur par rapport au lecteur, je peux accéder à mon disque dur externe.
Tu veux que je refasse un scan pour vérifier ?
En tout cas, merci encore pour tout ce temps passé à m'aider. :)
