SOS: kubernscan virus on my PC

Solved
a-l-aide -
 Sat -
Hi!
So I have a "kubernscan" virus, and I don't know how it infected my laptop; well, maybe I have a small idea about that: it has been since I got this message "anna I Liebe you...milka@3 " in Explorer 8, and it's strange since this virus has reached all our PCs at home ever since we got a WIFI connection.
So I have avast as my antivirus, and up to the latest update it didn't detect anything.
Please help me get rid of it, because my computer is brand new.
Thanks
45 replies

a-l-aide
 
ok
and this avira, is it an antivirus? can you tell me where to download it?
thanks
dédétraqué Posts 4522 Status Security contributor 286
 
Hi a-l-aide


Download OTM (by Old_Timer) to the desktop:

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


Double-click OTM.exe on the desktop

- Copy the text shown in bold below and paste it into the left-hand pane of OTM named Paste Instructions for Items to be Moved

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kubernesis.dll"=-
"kubernscan"=-

:files
C:\WINDOWS\kubernesis.dll.vbe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe

:commands
[emptytemp]


- Click MoveIt! to start the removal.
- Close OTM

Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTM\MovedFiles.

Run another scan with RSIT and post the report


@++ :)
a-l-aide
 
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kubernesis.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kubernscan deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\kubernesis.dll.vbe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 377093 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 187413 bytes

User: utilisateur
->Temp folder emptied: 349357010 bytes
->Temporary Internet Files folder emptied: 119155222 bytes
->Flash cache emptied: 9298 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19925616 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23961702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 491,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04172010_215929

Files moved on Reboot...
C:\WINDOWS\kubernesis.dll.vbe moved successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat not found!

Registry entries deleted on Reboot...
dédétraqué Posts 4522 Status Security contributor 286
 
Hi a-l-aide


That looks good; run RSIT again as requested.


@++ :)
a-l-aide
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2010-04-17 22:08:25
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 120 GB (83%) free of 146 GB
Total RAM: 1015 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:33, on 17/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\utilisateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
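As an added example that is not part of this thread or of the HijackThis/OTM tools: a small Python triage script that reads HijackThis "O4" autorun lines like the ones in the log above, flags entries that launch Windows Script Host files (the .vbe entries the helper targeted with OTM), and renders the flagged entries in the same :reg / :files / :commands shape as the OTM script posted earlier. The sample log lines are constructed from the log above; the heuristics and the names Autorun, parse_o4, assess, triage and build_otm_script are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Extensions that the Windows shell hands to Windows Script Host / cmd as code.
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd")
# Extensions a script has no business hiding behind (e.g. "kubernesis.dll.vbe").
DECOY_EXTS = (".dll", ".exe", ".jpg", ".txt", ".pdf", ".doc")
# Startup folder path fragments (French and English Windows XP), lower-cased.
STARTUP_FOLDERS = ("\\programmes\\démarrage\\", "\\programs\\startup\\")

# Hive abbreviations used by HijackThis, mapped to the full names OTM expects.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# "O4 - HKLM\..\Run: [value name] command line"  (HKUS\... per-user lines are skipped here)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token ending in a file extension, with or without surrounding quotes, arguments dropped.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.[A-Za-z0-9]{1,4})"?(?:\s|$)')


@dataclass
class Autorun:
    hive: str
    name: str          # the Run value name, e.g. "kubernscan"
    path: str          # the file the value launches, arguments stripped
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def parse_o4(line):
    """Parse one HijackThis O4 Run line into an Autorun, or return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    pm = PATH_RE.match(m.group("cmd"))
    path = pm.group("path") if pm else m.group("cmd")
    return Autorun(m.group("hive"), m.group("name"), path)


def assess(entry):
    """Attach one reason per heuristic the entry trips; no reasons means 'looks like an ordinary EXE'."""
    p = entry.path.lower()
    stem, _, ext = p.rpartition(".")
    ext = "." + ext
    if ext in SCRIPT_EXTS:
        entry.reasons.append(f"script file ({ext}) registered as an autorun")
        if stem.endswith(DECOY_EXTS):
            entry.reasons.append("double extension hides the real file type")
    if any(folder in p for folder in STARTUP_FOLDERS):
        entry.reasons.append("Run value points into the Startup folder (double persistence)")
    return entry


def triage(log_lines):
    """Return the suspicious autoruns found in an iterable of HijackThis log lines."""
    hits = []
    for line in log_lines:
        entry = parse_o4(line)
        if entry is not None and assess(entry).suspicious:
            hits.append(entry)
    return hits


def build_otm_script(entries):
    """Render flagged entries in the OTM ':reg' / ':files' / ':commands' layout used in the thread."""
    by_key = {}
    for e in entries:
        by_key.setdefault(f"[{HIVES[e.hive]}\\{RUN_KEY}]", []).append(e.name)
    lines = [":reg"]
    for key, names in by_key.items():
        lines.append(key)
        lines += [f'"{n}"=-' for n in names]          # "=-" deletes the value
    lines += ["", ":files"] + [e.path for e in entries]
    lines += ["", ":commands", "[emptytemp]"]
    return "\n".join(lines)


# Constructed sample: O4 lines copied from the HijackThis log posted above, including
# ordinary EXE autoruns to show that only the script-based entries are flagged.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe",
    r"O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe",
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.hive} [{h.name}] {h.path}")
        for r in h.reasons:
            print("   -", r)
    print()
    print(build_otm_script(hits))
```

Running it flags only the two .vbe entries and prints an OTM block equivalent to the one the helper posted; review every flagged line by hand before pasting anything into OTM, since the heuristics only look at the file name and location.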
a-l-aide
 
ok dédétraqué
but even if it looks good, I still have "anna i liebe you .... milk@3" in the explorer bar

I'll do what you told me and post you the reports

@+
:D
dédétraqué Posts 4522 Status Security contributor 286
 
Hi a-l-aide


One thing at a time; that will come next.


@++ :)
a-l-aide
 
okay, sorry :D

here's the OTM report

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kubernesis.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kubernscan deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: utilisateur
->Temp folder emptied: 722252 bytes
->Temporary Internet Files folder emptied: 4988288 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04172010_223501

Files moved on Reboot...
C:\Documents and Settings\utilisateur\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF90FA.tmp not found!
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF910E.tmp not found!
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF9171.tmp not found!
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF9185.tmp not found!
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF91D0.tmp not found!
File C:\Documents and Settings\utilisateur\Local Settings\Temp\~DF91E4.tmp not found!
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\HC1EUK05\affich-17403940-sos-virus-kubernscan-dans-mon-pc[1].htm moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat not found!

Registry entries deleted on Reboot...
a-l-aide
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2010-04-17 22:41:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 120 GB (83%) free of 146 GB
Total RAM: 1015 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:47, on 17/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\BitComet\BitComet.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\utilisateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
a-l-aide
 
--
End of file - 9130 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3533070573-692010324-2715893389-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3533070573-692010324-2715893389-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{27FD9ECB-6876-4A97-B3F6-A12C632106AE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-03 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [2010-01-28 671480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-05 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-05 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-03 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-03 39408]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-04-17 21:52:26 ----D---- C:\_OTM
2010-04-17 18:28:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-17 17:45:11 ----RASHD---- C:\autorun.inf
2010-04-17 17:29:45 ----A---- C:\UsbFix.txt
2010-04-17 17:19:28 ----D---- C:\UsbFix
2010-04-17 11:22:42 ----D---- C:\rsit
2010-04-17 11:22:42 ----D---- C:\Program Files\trend micro
2010-04-16 03:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-16 03:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-16 03:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-16 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 17:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 17:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 17:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-10 02:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-04-09 03:06:28 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-09 03:06:22 ----D---- C:\Program Files\MSBuild
2010-04-09 03:06:20 ----D---- C:\WINDOWS\system32\en-US
2010-04-09 03:06:12 ----D---- C:\Program Files\Reference Assemblies
2010-04-09 03:05:39 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-04-09 03:05:39 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-04-09 03:05:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-04-09 03:05:38 ----D---- C:\f31b5b799f4438e6ba882f9b
2010-04-08 19:07:31 ----D---- C:\Downloads
2010-04-08 19:07:30 ----D---- C:\Documents and Settings\utilisateur\Application Data\BitComet
2010-04-08 19:06:22 ----D---- C:\Program Files\BitComet
2010-04-07 20:01:34 ----RSD---- C:\WINDOWS\assembly
2010-04-07 20:00:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-04 20:55:21 ----D---- C:\WINDOWS\Minidump
2010-03-28 20:37:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-27 15:19:01 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2010-03-27 15:09:35 ----D---- C:\Program Files\Messenger Plus! Live
2010-03-25 18:04:50 ----D---- C:\Program Files\eMule

======List of files/folders modified in the last 1 months======

2010-04-17 22:41:31 ----SD---- C:\WINDOWS\Tasks
2010-04-17 22:38:52 ----D---- C:\WINDOWS\Temp
2010-04-17 22:35:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 22:35:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 22:04:48 ----D---- C:\WINDOWS\Prefetch
2010-04-17 22:03:55 ----D---- C:\WINDOWS
2010-04-17 22:01:50 ----D---- C:\WINDOWS\system32
2010-04-17 20:04:37 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-17 18:28:21 ----D---- C:\WINDOWS\system32\drivers
2010-04-17 18:28:17 ----RD---- C:\Program Files
2010-04-17 17:44:56 ----SHD---- C:\RECYCLER
2010-04-17 17:26:54 ----HD---- C:\WINDOWS\inf
2010-04-16 03:05:58 ----SHD---- C:\WINDOWS\Installer
2010-04-16 03:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-16 03:05:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-16 03:04:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-16 03:04:51 ----A---- C:\WINDOWS\imsins.BAK
2010-04-16 03:02:13 ----D---- C:\WINDOWS\ie8updates
2010-04-15 20:17:29 ----D---- C:\Documents and Settings\utilisateur\Application Data\vlc
2010-04-15 20:16:57 ----D---- C:\Documents and Settings\utilisateur\Application Data\dvdcss
2010-04-12 15:19:11 ----SD---- C:\Documents and Settings\utilisateur\Application Data\Microsoft
2010-04-10 02:15:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-10 02:14:39 ----D---- C:\WINDOWS\WinSxS
2010-04-10 02:12:08 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-09 03:06:18 ----RSD---- C:\WINDOWS\Fonts
2010-04-09 03:05:54 ----D---- C:\WINDOWS\system32\spool
2010-04-09 03:03:14 ----D---- C:\WINDOWS\system32\mui
2010-04-09 03:03:14 ----D---- C:\Program Files\Internet Explorer
2010-04-06 18:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 20:55:14 ----D---- C:\Program Files\Yahoo!
2010-03-28 20:37:25 ----D---- C:\Program Files\Windows Live
2010-03-28 20:37:16 ----D---- C:\WINDOWS\system32\DirectX
2010-03-20 22:04:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-03-20 22:04:27 ----D---- C:\Program Files\Fichiers communs\Apple
2010-03-20 22:03:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-12-21 163376]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-07-24 991656]
R3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-24 47272]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-08-22 308608]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 RTSTOR;USB Mass Storage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2008-01-16 47360]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-31 989696]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-31 211456]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-31 731520]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-30 346720]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-06 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0
a-l-aide
 
ok ok
but I can already see that "anna i liebe....." is gone
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi a-l-aide


Exactly, that was the point of the fix with HJT


@++ :)
0
a-l-aide
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9b2c11b6e9270948b7cbe97ef7276adb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-18 01:54:55
# local_time=2010-04-18 02:54:55 (+0100, Afr. centrale Ouest)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1214 1214 0 0
# compatibility_mode=769 16775125 100 98 2971 207828405 113804 0
# compatibility_mode=8192 67108863 100 0 731 731 0 0
# scanned=37856
# found=110
# cleaned=110
# scan_time=12047
C:\UsbFix_Upload_Me_MIMINA.zip VBS/AutoRun.DZ worm (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP17\A0004885.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP17\A0004909.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP18\A0004919.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP18\A0005023.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP18\A0005043.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP19\A0005054.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP20\A0005326.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP20\A0005336.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP21\A0005343.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP21\A0005354.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP21\A0005382.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP21\A0005399.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP21\A0005411.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP22\A0005431.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP22\A0005445.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP23\A0005459.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP23\A0005473.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP23\A0006472.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP24\A0006500.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP24\A0006511.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP24\A0006531.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP25\A0006614.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP25\A0006624.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP25\A0006635.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP25\A0006645.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP25\A0006655.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP26\A0006663.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP26\A0006673.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP27\A0006693.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP28\A0006843.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP28\A0006978.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP28\A0007002.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP29\A0007018.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP29\A0007031.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP29\A0007054.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP30\A0007060.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP30\A0007080.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP30\A0007092.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP31\A0007103.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP31\A0007131.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP31\A0007149.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP31\A0007167.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP32\A0007187.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP32\A0007200.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP32\A0007210.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP32\A0007231.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP33\A0007250.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP33\A0007272.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP34\A0007492.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP34\A0007524.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP34\A0007535.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP35\A0007553.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP35\A0007580.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP35\A0007598.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP36\A0007616.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP36\A0007629.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP37\A0007703.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP38\A0007731.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP38\A0007747.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP38\A0007782.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP39\A0007789.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP39\A0007813.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP39\A0007847.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP40\A0007856.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP40\A0008848.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP40\A0008871.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP40\A0009870.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP40\A0009879.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP41\A0009887.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP41\A0009917.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0009941.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0009953.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0009969.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0009978.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0009988.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0010005.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP42\A0010041.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP43\A0010046.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP44\A0010058.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP44\A0010433.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP45\A0010451.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP46\A0010641.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP46\A0010673.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP46\A0010683.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP47\A0010699.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP47\A0010726.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP47\A0010747.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP47\A0011748.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP48\A0011764.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP48\A0011778.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP48\A0011796.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP48\A0011827.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011843.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011854.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011933.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP50\A0011945.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP50\A0011955.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0011971.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012067.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012079.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012092.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012112.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012123.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012133.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP51\A0012170.inf VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\autorun.inf.UsbFix VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\kubernesis.vbe.UsbFix VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\C\WINDOWS\kubernesis.dll.vbe.UsbFix VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\UsbFix\Quarantine\E\autorun.inf.UsbFix VBS/AutoRun.DZ worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi


That's good. For security reasons, and above all to keep your PC clean, we're going to disable System Restore on all drives:

- Right-click My Computer on the desktop; in Properties, click the System Restore tab

- Tick the "Turn off System Restore" box and click Apply

Restart the computer and re-enable System Restore.

XP tutorial: http://www.libellules.ch/desactiver_restauration.php


-----


Now we'll clean up the tools downloaded for the disinfection. Download Tools Cleaner to the desktop:

http://pc-system.fr/


- Double-click ToolsCleaner2.exe on the desktop
- Click Recherche (Search) and let the scan run.
- Click Suppression (Delete) to finish.
- If you wish, you can use the optional Options.
- Click Quitter (Quit) to get the report.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
- If any tools remain after Tools Cleaner has run, you can delete them manually, along with all the reports generated during the disinfection.


-----


It is important to update Windows and your software:
Update Windows (categories: critical, Service Packs and Service Releases): http://www.windowsupdate.com/windowsupdate/v6/default.aspx

Run a vulnerability scan to check that your software is up to date without security holes, and update it:
https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/

Clean up unnecessary files and the registry:
https://www.malekal.com/tutoriel-ccleaner/

Tell me when that's done, or if you run into any trouble, and we'll then move on to closing the topic.


@++ :)
0
a-l-aide
 
Hello dédétraqué
thanks a lot for your replies
I'll go through all these steps once I get home, because right now I have to go to work
I'll keep you posted
see you tonight
:)
0
Anonymous user
 
Hello dédétraqué,

The following deleted files:


Supprimé ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
Supprimé ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
Supprimé ! E:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013
Supprimé ! E:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Supprimé ! E:\Restore\k-1-3542-4232123213-7676767-8888886
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011871.exe
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011872.exe
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011877.exe
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011878.exe
Supprimé ! E:\RECYCLER\RECYCLER.exe
Supprimé ! E:\Restore\Restore.exe
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011884.exe
Supprimé ! C:\System Volume Information\_restore{730D25B4-D33A-4541-A834-AD0DA0165E62}\RP49\A0011885.exe
Supprimé ! E:\perso\perso.exe
Supprimé ! E:\ppac1\ppac1.exe
Supprimé ! E:\ppac1\P.P.A.C(2006-2007)\P.P.A.C(2006-2007).exe
Supprimé ! E:\ppac1\conf'rences de P.P.A.C\conf'rences de P.P.A.C.exe
Supprimé ! E:\ppac1\conf'rences de P.P.A.C\Dr.GUEZZEN\Dr.GUEZZEN.exe
Supprimé ! E:\ppac1\conf'rences de P.P.A.C\Dr.EDDAIDJ\Dr.EDDAIDJ.exe
Supprimé ! E:\ppac1\conf'rences de P.P.A.C\Dr.BOUMEDIENE\Dr.BOUMEDIENE.exe
Supprimé ! E:\ppac1\conf'rences de P.P.A.C\Dr. SLAMANI\Dr. SLAMANI.exe
Supprimé ! E:\ppac\ppac.exe
Supprimé ! E:\ppac\P.P.A.C(2006-2007)\P.P.A.C(2006-2007).exe
Supprimé ! E:\ppac\conf'rences de P.P.A.C\conf'rences de P.P.A.C.exe
Supprimé ! E:\ppac\conf'rences de P.P.A.C\Dr.BOUMEDIENE\Dr.BOUMEDIENE.exe
Supprimé ! E:\ppac\conf'rences de P.P.A.C\Dr.GUEZZEN\Dr.GUEZZEN.exe
Supprimé ! E:\ppac\conf'rences de P.P.A.C\Dr. SLAMANI\Dr. SLAMANI.exe
Supprimé ! E:\ppac\conf'rences de P.P.A.C\Dr.EDDAIDJ\Dr.EDDAIDJ.exe
Supprimé ! E:\RESTORE\H-6-1-53-0976546321-090909032-8763-1337\H-6-1-53-0976546321-090909032-8763-1337.exe


are not false positives. They were created by a Worm.Autoit.

UsbFix identified them by comparing the MD5 of these 2 files:

E:\RECYCLER\RECYCLER.exe
E:\Restore\Restore.exe

However, UsbFix did not detect: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe

This missed detection will be fixed in the next update.

Regards.
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi El_Desaparecido


> They are not false positives. They were created by a Worm.Autoit.
Indeed, I saw it afterwards, after we had talked about it; I should have mentioned it.


Also, as you mention, it had not been detected in the Startup folder. Thanks again for your tool.


@++ :)
0
a-l-aide
 
hi dédétraqué
here is the TCleaner report:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\UsbFix.txt: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Downloads\OTM.exe: trouvé !
C:\Downloads\UsbFix.exe: trouvé !
C:\Downloads\Rsit.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Downloads\OTM.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\Downloads\UsbFix.exe: supprimé !
C:\Downloads\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi a-l-aide


OK, that's good; let me know about the rest.


@++ :)
0
a-l-aide
 
hi
I've updated Windows and the software
but I have a problem with the vulnerability scan: it asks for Java (JVM), which I don't have and can't manage to install via the same link (if you can help me, I wouldn't say no)
as for CCleaner, I installed it and, if I'm not mistaken, I just click Analyze and that's it?!!!
thanks again dédétraqué, you've helped me a lot
0