Virus Winxp... encore un Résolu/Fermé

Question

Bonsoir,

J ai pris un virus avec une clef USB, c est un message Winxp virus.

J ai parcouru ce forum et voici la copie de l anayse faite avechijeckthis.. si quelqu un peut me dire quoi faire...

D avance merci


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:06, on 02/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\drivers\audio0\stacsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Refresh IT Solutions\Refresh Distributor\RefreshDistributorAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\WINDOWS\bginfo.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.alstom.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iww.alstom.com/altair
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eTMonitor] c:\Program Files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Bginfo] C:\WINDOWS\bginfo.exe C:\WINDOWS\bginfo_shortcut.bgi /SILENT /TIMER:0 /NOLICPROMPT /TASKBAR
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HPMonitor.exe.lnk = C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
O4 - Global Startup: hpwjd.exe.lnk = D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe
O4 - Global Startup: hpwmsd.exe.lnk = D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://iww.alstom.com/altair
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\Software\..\Telephony: DomainName = dom2.ad.sys
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2E5C112-63B3-4026-A96E-4729CB2CFC31}: Domain = dom2.ad.sys
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dom2.ad.sys,ad.sys,notes.alstom.com,netmeeting.alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dom2.ad.sys,ad.sys,notes.alstom.com,netmeeting.alstom.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dom2.ad.sys,ad.sys,notes.alstom.com,netmeeting.alstom.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - c:\program files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\Program Files\lotus
otes
tmulti.exe
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: Refresh Distributor - Refresh IT Solutions - C:\Program Files\Refresh IT Solutions\Refresh Distributor\RefreshDistributorAgent.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\drivers\audio0\stacsv.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Destrio5 · Answer

Bonjour,

--> https://forums.commentcamarche.net/forum/affich-37636394-desinfecter-une-cle-usb-ou-un-disque-amovible#usbfix

Poste le rapport d'UsbFix.

JakinBoaz09 · Answer

oui mais  cest sur mon disque dur... je viens de poster un rapport

Destrio5 · Answer

Oui je sais mais tu as utilisé HijackThis et j'ai demandé UsbFix.

JakinBoaz09 · Answer

on me dit que ca ne fonctionne pas (odeur et resilaition etc

JakinBoaz09 · Answer

j ai soucis, ils ne reconnaissent pas GSM

Destrio5 · Answer

De quoi tu parles ?

JakinBoaz09 · Answer

oulah desolé, il est tard GSM n a rien avoir la dedans

Par contre le PC dit que je n ai pas le usbFix.exe, recu ni evaluer.
Cedric

Destrio5 · Answer

Tu n'arrives pas à le télécharger ?

JakinBoaz09 · Answer

non a priori

Destrio5 · Answer

HijackThis, tu as réussi à le télécharger pourtant, qu'est-ce qui se passe ?

JakinBoaz09 · Answer

aucune idee je reessaie

JakinBoaz09 · Answer

j ai relancé et re telechargé, j ai lancé un research

JakinBoaz09 · Answer

et 

C:\WINDOWS\System32\smss.exe (1492)
C:\WINDOWS\system32\winlogon.exe (1632)
C:\WINDOWS\system32\services.exe (1676)
C:\WINDOWS\system32\lsass.exe (1688)
C:\WINDOWS\system32\svchost.exe (1876)
C:\WINDOWS\system32\svchost.exe (484)
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (724)
C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (788)
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (1032)
C:\WINDOWS\System32\WLTRYSVC.EXE (1452)
C:\WINDOWS\System32\bcmwltry.exe (1464)
C:\WINDOWS\system32\spoolsv.exe (1536)
c:\windows\drivers\audio0\stacsv.exe (1580)
C:\Program Files\Altiris\AClient\AClient.exe (960)
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (1108)
C:\WINDOWS\system32\ccsrvc.exe (1308)
C:\Program Files\Altiris\Carbon Copy\shellker.exe (1332)
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (1348)
C:\WINDOWS\System32\svchost.exe (1392)
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (872)
c:\Program Files\Java\jre6\bin\jqs.exe (1048)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe (1952)
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (632)
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (1408)
C:\Program Files\Refresh IT Solutions\Refresh Distributor\RefreshDistributorAgent.exe (2276)
C:\WINDOWS\system32\svchost.exe (2372)
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (3432)
C:\WINDOWS\system32\SearchIndexer.exe (3780)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (2084)
C:\PROGRA~1\Altiris\CARBON~1\client.exe (2680)
C:\WINDOWS\Explorer.EXE (3836)
C:\WINDOWS\system32\hkcmd.exe (3588)
C:\WINDOWS\system32\igfxpers.exe (1956)
C:\WINDOWS\system32\wscript.exe (2272)
C:\Program Files\DellTPad\Apoint.exe (2432)
C:\Program Files\IDT\WDM\sttray.exe (3580)
C:\WINDOWS\system32\AESTFltr.exe (3652)
C:\Program Files\Altiris\AClient\AClntUsr.EXE (1208)
C:\Program Files\DellTPad\ApMsgFwd.exe (2072)
C:\Program Files\DellTPad\HidFind.exe (2540)
C:\Program Files\DellTPad\Apntex.exe (2668)
C:\Program Files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe (2960)
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (2972)
C:\WINDOWS\system32\WLTRAY.exe (2772)
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (2840)
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (3760)
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (260)
C:\Program Files\Iminent\IMBooster\imbooster.exe (2760)
C:\WINDOWS\bginfo.exe (3356)
C:\Program Files\McAfee\Common Framework\udaterui.exe (3312)
C:\WINDOWS\system32\wscript.exe (3320)
C:\WINDOWS\system32\ctfmon.exe (3484)
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (3520)
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (2252)
C:\Program Files\McAfee\Common Framework\McTray.exe (840)
C:\Program Files\Messenger\msmsgs.exe (2584)
C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (3020)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (1160)
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (524)
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (1984)
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (1668)
C:\Program Files\Skype\Phone\Skype.exe (4292)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (4304)
C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (4316)
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe (4396)
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe (4448)
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe (4536)
C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (4608)
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (5076)
C:\WINDOWS\system32\msiexec.exe (4756)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2476)
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (2208)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (6100)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2420)
C:\Program Files\Internet Explorer\iexplore.exe (2952)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2360)
C:\WINDOWS\system32\wscript.exe (4732)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4880)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2296)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2768)
C:\WINDOWS\system32\wscript.exe (1840)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1448)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (5368)
C:\UsbFix\Go.exe (5932)

################## | Files # Infected Folders |

Found ! C:\WINDOWS\system32\winjpg.jpg
Found ! C:\autorun.inf
Found ! D:\autorun.inf

Destrio5 · Answer

Il est incomplet.

JakinBoaz09 · Answer

la suite


################## | Registry |

Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwinxp.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegedit.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsstrui.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|forceclassiccontrolpanel
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoSMHelp
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CTFMON
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|regdiit

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{44ded6d0-6092-11e1-b8bd-5c260a3cc333}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs photo-v2.jpg

HKCU\.\.\.\.\Explorer\MountPoints2\{a13ad858-6358-11e0-b6af-5c260a3cc333}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{ad54e924-6228-11e1-b8c5-5c260a3cc333}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 

HKCU\.\.\.\.\Explorer\MountPoints2\{c5e24315-62a9-11e1-b8c7-5c260a3cc333}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs photo-v2.jpg

HKCU\.\.\.\.\Explorer\MountPoints2\{d3ab4e5b-4896-11e0-b65c-5c260a3cc333}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d3ab4e5f-4896-11e0-b65c-5c260a3cc333}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{fd796f20-0c4b-11e1-b815-5c260a3cc333}
Shell\AutoRun\Command = G:\Samsung_Drive_Manager.exe



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Destrio5 · Answer

--> Relance UsbFix, choisis l'option "Suppression" et poste le rapport.

JakinBoaz09 · Answer

et hop partie 1
PC: Dell Inc. (Latitude E4310) (X86-based PC) # Notebook
CPU: Intel Pentium II processor (2659)
RAM -> [ Total : 3510 | Free : 2309 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ (!) Disabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ -> Fixed drive # 40 Gb (19 Mb free - 49%) [SYSTEM] # NTFS
D:\ (%systemdrive%) -> Fixed drive # 193 Gb (131 Mb free - 68%) [DATA] # NTFS
E:\ -> CD-ROM

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (1492)
C:\WINDOWS\system32\winlogon.exe (1632)
C:\WINDOWS\system32\services.exe (1676)
C:\WINDOWS\system32\lsass.exe (1688)
C:\WINDOWS\system32\svchost.exe (1876)
C:\WINDOWS\system32\svchost.exe (484)
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (724)
C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (788)
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (1032)
C:\WINDOWS\System32\WLTRYSVC.EXE (1452)
C:\WINDOWS\System32\bcmwltry.exe (1464)
C:\WINDOWS\system32\spoolsv.exe (1536)
c:\windows\drivers\audio0\stacsv.exe (1580)
C:\Program Files\Altiris\AClient\AClient.exe (960)
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (1108)
C:\WINDOWS\system32\ccsrvc.exe (1308)
C:\Program Files\Altiris\Carbon Copy\shellker.exe (1332)
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (1348)
C:\WINDOWS\System32\svchost.exe (1392)
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (872)
c:\Program Files\Java\jre6\bin\jqs.exe (1048)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe (1952)
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (632)
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (1408)
C:\Program Files\Refresh IT Solutions\Refresh Distributor\RefreshDistributorAgent.exe (2276)
C:\WINDOWS\system32\svchost.exe (2372)
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (3432)
C:\WINDOWS\system32\SearchIndexer.exe (3780)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (2084)
C:\PROGRA~1\Altiris\CARBON~1\client.exe (2680)
C:\WINDOWS\Explorer.EXE (3836)
C:\WINDOWS\system32\hkcmd.exe (3588)
C:\WINDOWS\system32\igfxpers.exe (1956)
C:\WINDOWS\system32\wscript.exe (2272)
C:\Program Files\DellTPad\Apoint.exe (2432)
C:\Program Files\IDT\WDM\sttray.exe (3580)
C:\WINDOWS\system32\AESTFltr.exe (3652)
C:\Program Files\Altiris\AClient\AClntUsr.EXE (1208)
C:\Program Files\DellTPad\ApMsgFwd.exe (2072)
C:\Program Files\DellTPad\HidFind.exe (2540)
C:\Program Files\DellTPad\Apntex.exe (2668)
C:\Program Files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe (2960)
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (2972)
C:\WINDOWS\system32\WLTRAY.exe (2772)
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (2840)
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (3760)
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (260)
C:\Program Files\Iminent\IMBooster\imbooster.exe (2760)
C:\WINDOWS\bginfo.exe (3356)
C:\Program Files\McAfee\Common Framework\udaterui.exe (3312)
C:\WINDOWS\system32\wscript.exe (3320)
C:\WINDOWS\system32\ctfmon.exe (3484)
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (3520)
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (2252)
C:\Program Files\McAfee\Common Framework\McTray.exe (840)
C:\Program Files\Messenger\msmsgs.exe (2584)
C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (3020)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (1160)
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (524)
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (1984)
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (1668)
C:\Program Files\Skype\Phone\Skype.exe (4292)

JakinBoaz09 · Answer

partie 2

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (4304)
C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (4316)
C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe (4396)
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe (4448)
D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe (4536)
C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (4608)
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (5076)
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (2208)
C:\Program Files\Internet Explorer\iexplore.exe (2952)
C:\WINDOWS\system32\wscript.exe (4732)
C:\WINDOWS\system32\wscript.exe (1840)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2380)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2032)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4480)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2240)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4368)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1920)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4080)
D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (5348)
C:\UsbFix\Go.exe (4512)

################## | Stopped processes |

Stopped! C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (724)
Stopped! C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (788)
Stopped! C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (1032)
Stopped! C:\WINDOWS\System32\WLTRYSVC.EXE (1452)
Stopped! C:\WINDOWS\System32\bcmwltry.exe (1464)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1536)
Stopped! c:\windows\drivers\audio0\stacsv.exe (1580)
Stopped! C:\Program Files\Altiris\AClient\AClient.exe (960)
Stopped! C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (1108)
Stopped! C:\WINDOWS\system32\ccsrvc.exe (1308)
Stopped! C:\Program Files\Altiris\Carbon Copy\shellker.exe (1332)
Stopped! C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (1348)
Stopped! c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe (872)
Stopped! c:\Program Files\Java\jre6\bin\jqs.exe (1048)
Stopped! C:\Program Files\McAfee\Common Framework\FrameworkService.exe (1952)
Stopped! C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (632)
Stopped! C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (1408)
Stopped! C:\Program Files\Refresh IT Solutions\Refresh Distributor\RefreshDistributorAgent.exe (2276)
Stopped! C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (3432)
Stopped! C:\WINDOWS\system32\SearchIndexer.exe (3780)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (2084)
Stopped! C:\PROGRA~1\Altiris\CARBON~1\client.exe (2680)
Stopped! C:\WINDOWS\system32\hkcmd.exe (3588)
Stopped! C:\WINDOWS\system32\igfxpers.exe (1956)
Stopped! C:\WINDOWS\system32\wscript.exe (2272)
Stopped! C:\Program Files\DellTPad\Apoint.exe (2432)
Stopped! C:\Program Files\IDT\WDM\sttray.exe (3580)
Stopped! C:\WINDOWS\system32\AESTFltr.exe (3652)
Stopped! C:\Program Files\Altiris\AClient\AClntUsr.EXE (1208)
Stopped! C:\Program Files\DellTPad\ApMsgFwd.exe (2072)
Stopped! C:\Program Files\DellTPad\HidFind.exe (2540)
Stopped! C:\Program Files\DellTPad\Apntex.exe (2668)
Stopped! C:\Program Files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe (2960)
Stopped! C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (2972)
Stopped! C:\WINDOWS\system32\WLTRAY.exe (2772)
Stopped! C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (2840)
Stopped! C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (3760)
Stopped! C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (260)
Stopped! C:\Program Files\Iminent\IMBooster\imbooster.exe (2760)
Stopped! C:\WINDOWS\bginfo.exe (3356)
Stopped! C:\Program Files\McAfee\Common Framework\udaterui.exe (3312)
Stopped! C:\WINDOWS\system32\wscript.exe (3320)
Stopped! C:\WINDOWS\system32\ctfmon.exe (3484)
Stopped! C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (3520)
Stopped! C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe (2252)
Stopped! C:\Program Files\McAfee\Common Framework\McTray.exe (840)
Stopped! C:\Program Files\Messenger\msmsgs.exe (2584)
Stopped! C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (3020)
Stopped! C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (1160)
Stopped! C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (524)
Stopped! C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (1984)
Stopped! C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe (1668)
Stopped! C:\Program Files\Skype\Phone\Skype.exe (4292)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (4304)
Stopped! C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (4316)
Stopped! C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe (4396)
Stopped! D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwjd.exe (4448)
Stopped! D:\Documents and Settings\All Users\Application Data\HP Mouse Suite Config\hpwmsd.exe (4536)
Stopped! C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe (4608)
Stopped! C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (5076)
Stopped! c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe (2208)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (2952)
Stopped! C:\WINDOWS\system32\wscript.exe (4732)
Stopped! C:\WINDOWS\system32\wscript.exe (1840)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2380)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2032)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4480)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2240)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4368)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1920)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4080)
Stopped! D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (5348)

JakinBoaz09 · Answer

partie 3


################## | Files # Infected Folders |

Deleted ! C:\WINDOWS\system32\winjpg.jpg
Deleted ! C:\Recycler\S-1-5-18
Deleted ! C:\Recycler\S-1-5-21-329068152-630328440-1801674531-500
Deleted ! C:\Recycler\S-1-5-21-583907252-2052111302-839522115-156361
Deleted ! D:\Recycler\S-1-5-18
Deleted ! D:\Recycler\S-1-5-21-329068152-630328440-1801674531-500
Deleted ! D:\Recycler\S-1-5-21-583907252-2052111302-839522115-156361
Deleted ! C:\autorun.inf
Deleted ! D:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwinxp.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSConfig.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsegedit.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Optionsstrui.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe
Not deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Not deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|forceclassiccontrolpanel
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoSMHelp
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CTFMON
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|regdiit

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{44ded6d0-6092-11e1-b8bd-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a13ad858-6358-11e0-b6af-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{ad54e924-6228-11e1-b8c5-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c5e24315-62a9-11e1-b8c7-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d3ab4e5b-4896-11e0-b65c-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d3ab4e5f-4896-11e0-b65c-5c260a3cc333}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fd796f20-0c4b-11e1-b815-5c260a3cc333}

################## | Listing |

[02/03/2012 - 01:34:44 | N | 1458] 	C:\AClient.cfg
[06/08/2011 - 15:11:10 | N | 41] 	C:\AClient.dat
[06/02/2012 - 08:41:00 | D ] 	C:\ASDCache
[02/03/2011 - 10:43:36 | N | 0] 	C:\AUTOEXEC.BAT
[02/03/2011 - 10:40:50 | N | 211] 	C:\boot.ini
[02/03/2011 - 10:43:36 | N | 0] 	C:\CONFIG.SYS
[07/03/2011 - 09:47:13 | D ] 	C:\Dell
[01/03/2012 - 23:38:34 | D ] 	C:\FyK
[02/03/2012 - 01:34:22 | ASH | 3680387072] 	C:\hiberfil.sys
[02/03/2011 - 11:36:01 | D ] 	C:\i386
[02/03/2011 - 11:39:18 | D ] 	C:\Intel
[02/03/2011 - 10:43:36 | N | 0] 	C:\IO.SYS
[02/03/2011 - 10:43:36 | N | 0] 	C:\MSDOS.SYS
[18/10/2011 - 09:06:04 | RHD ] 	C:\MSOCache
[14/04/2008 - 13:00:00 | N | 47564] 	C:\NTDETECT.COM
[14/04/2008 - 13:00:00 | N | 250048] 	C:
tldr
[02/03/2012 - 02:26:14 | N | 103302] 	C:\photo-v2.jpg
[02/03/2012 - 01:46:04 | D ] 	C:\Program Files
[02/03/2012 - 01:46:10 | D ] 	C:\Quarantine
[02/03/2012 - 02:31:33 | SHD ] 	C:\RECYCLER
[16/05/2011 - 08:17:21 | D ] 	C:\RefreshDistributor
[03/03/2011 - 02:34:08 | D ] 	C:\Support
[02/03/2011 - 10:51:08 | SHD ] 	C:\System Volume Information
[02/03/2012 - 02:31:35 | D ] 	C:\UsbFix
[14/04/2008 - 13:00:00 | N | 10] 	C:\WIN51
[14/04/2008 - 13:00:00 | N | 10] 	C:\WIN51IP
[02/03/2012 - 01:44:54 | D ] 	C:\WINDOWS
[07/03/2011 - 09:57:48 | D ] 	D:\32 BIT_W2K_XP_2003
[02/03/2011 - 11:01:13 | D ] 	D:\ae1bd3b0f8c190979daac32fbca795
[07/03/2011 - 09:58:03 | D ] 	D:\Breitling World Timer
[02/03/2012 - 01:34:45 | D ] 	D:\csc
[02/03/2011 - 18:58:10 | D ] 	D:\Data
[29/05/2011 - 18:07:49 | D ] 	D:\Documents and Settings
[26/04/2011 - 16:10:33 | D ] 	D:\Dossiers de travail
[01/03/2012 - 23:36:31 | N | 830] 	D:\FindyKill_Upload_Me_DOM2.zip
[01/03/2012 - 23:38:34 | N | 1826] 	D:\FyK.txt
[02/03/2012 - 01:34:21 | ASH | 4278190080] 	D:\pagefile.sys
[03/01/2012 - 18:30:35 | D ] 	D:\Perso
[02/03/2012 - 02:26:14 | N | 103302] 	D:\photo-v2.jpg
[02/03/2012 - 02:31:33 | SHD ] 	D:\RECYCLER
[02/03/2011 - 11:15:38 | D ] 	D:\SP
[18/10/2011 - 09:03:08 | D ] 	D:\System
[02/03/2011 - 10:51:08 | SHD ] 	D:\System Volume Information
[02/03/2012 - 02:26:15 | D ] 	D:\Temp
[02/03/2012 - 02:32:24 | A | 13401] 	D:\UsbFix.txt

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: D:\UsbFix_Upload_Me_CNITC162XL.zip
http://eldesaparecido.com/upload.html
Thank you for your contribution.

Destrio5 · Answer

Tu n'as pas branché la clé USB pour la désinfecter avec UsbFix ?

JakinBoaz09 · Answer

ce n etait pas la mienne, je ne l ai pas

Destrio5 · Answer

Ok.

--> Relance UsbFix et choisis Désinstaller.

On va utiliser un logiciel de diagnostic plus complet qu'HijackThis.

--> Télécharge ZHPDiag (de Nicolas Coolman).

--> Double-clique sur le fichier d'installation. Installe ZHPDiag avec les paramètres par défaut (N'oublie pas de cocher "Créer une icône sur le Bureau ").

--> Lance ZHPDiag en double-cliquant sur le raccourci présent sur ton Bureau.
(Sous Vista/Win7, il faut cliquer droit sur le raccourci de  ZHPDiag et choisir Exécuter en tant qu'administrateur)

--> Clique sur la loupe (Lancer le diagnostic) puis laisse l'outil scanner.

--> Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier (le rapport de l'analyse) sur ton Bureau. 

--> Pour me transmettre le rapport, utilise le site http://pjjoint.malekal.com/ car le rapport ZHPDiag est plutôt long.

JakinBoaz09 · Answer

voila, alors n etant pas un specialiste.. voila ce que ca donne

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120302_t12l5m10x6g11

Destrio5 · Answer

Bien, ça a l'air d'aller. Plus de souci ?

Iminent / IMBooster est à supprimer.

Tu peux faire l'option "Recherche" d'AdwCleaner et poster le rapport :
http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner

C'est ton PC de boulot ?

JakinBoaz09 · Answer

oui pc de boulot, c est quoi iminent / IM booster je trouve ca ou?

C etait une clef d un client

Destrio5 · Answer

C'est un adware, AdwCleaner va s'en occuper.

JakinBoaz09 · Answer

et 

# AdwCleaner v1.500 - Logfile created 03/02/2012 at 03:15:14
# Updated 23/02/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ccollet - CNITC162XL
# Running from : D:\Documents and Settings\ccollet\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Iminent

***** [H. Navipromo] *****


***** [Registry] *****

Key Found : HKCU\Software\Iminent
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\ Google Chrome v17.0.963.56

File : D:\Documents and Settings\ccollet\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1404 octets] - [02/03/2012 03:15:14]

########## EOF - D:\AdwCleaner[R1].txt - [1532 octets] ##########

JakinBoaz09 · Answer

ce virus m a bloqué mon wifi et pas mal de trucs, si je relance ca va revenir comme avant?

Destrio5 · Answer

Comment ça, si tu relances ?

JakinBoaz09 · Answer

mon pc

Destrio5 · Answer

Redémarre et vois s'il y a du changement.

Tu peux faire l'option "Suppression" d'AdwCleaner et poster le rapport.

JakinBoaz09 · Answer

ok, en tout cas merci ...

Destrio5 · Answer

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Virus Winxp... encore un

33 réponses

Discussions similaires