Virus on a USB key

Solved/Closed
chouros Posts: 30 Registration date: Sunday 21 March 2010 Status: Member Last seen: 16 April 2013 - 9 Sept. 2010 at 15:19
chouros Posts: 30 Registration date: Sunday 21 March 2010 Status: Member Last seen: 16 April 2013 - 16 Sept. 2010 at 12:08
Hello,

I have a virus named "zodijak" on my USB key. Each time an antivirus detects it, it deletes it, but every time it comes back. I should point out that I was able to scan with several up-to-date antiviruses (McAfee, Avast, Kaspersky).

I don't know how to get rid of it.

Thanks in advance for your help



6 replies

Anonymous user
9 Sept. 2010 at 15:21
Hello,

* Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
* Double-click RSIT.exe to launch the program.
* Click Continue on the Disclaimer screen.
* If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
* When the analysis is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the folder C:\rsit.
0
chouros Posts: 30 Registration date: Sunday 21 March 2010 Status: Member Last seen: 16 April 2013
12 Sept. 2010 at 13:05
Hi, and thanks for your reply. Here are the two .txt files:

info: info.txt logfile of random's system information tool 1.08 2010-09-12 16:38:09

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\55d40879a5f7feaceb0dfecd559ac54\Setup.exe
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\55d40879a5f7feaceb0dfecd559ac54\Setup.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
B-Link B5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7ECCE9C-9275-46C7-9180-C8B3C5EA792E}\Setup.exe" -l0x9
Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
FileZilla Client 3.3.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 3.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x40c mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall
Microsoft Office 2007 Recent Documents Gadget-->MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8-->MsiExec.exe /X{90AABED0-25A8-41FC-B738-224889E31033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Opera 9.24-->MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Immersion - Futuroscope La Rencontre-->"C:\Program Files\Futuroscope La Rencontre\uninstall.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.9.0-x64-->C:\Program Files\Unlocker\uninst.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Sidebar-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Games All In One-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGame.inf,RemoveGames
WinISO v5.3-->C:\PROGRA~1\WinISO53\UNWISE.EXE C:\PROGRA~1\WinISO53\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.7.844 [VPS 0622-2] (outdated)

======System event log======

Computer Name: PAL
Event Code: 17
Message: The device sent an incorrect response(s) following a keyboard reset.

Record Number: 77
Source Name: i8042prt
Time Written: 20100828212854.000000-420
Event Type: warning
User:

Computer Name: PAL
Event Code: 17
Message: The device sent an incorrect response(s) following a keyboard reset.

Record Number: 51
Source Name: i8042prt
Time Written: 20100828171707.000000-420
Event Type: warning
User:

Computer Name: PAL
Event Code: 17
Message: The device sent an incorrect response(s) following a keyboard reset.

Record Number: 38
Source Name: i8042prt
Time Written: 20100828170502.000000-420
Event Type: warning
User:

Computer Name: PAL
Event Code: 17
Message: The device sent an incorrect response(s) following a keyboard reset.

Record Number: 21
Source Name: i8042prt
Time Written: 20100828165723.000000-420
Event Type: warning
User:

Computer Name: MACHINENAME
Event Code: 17
Message: The device sent an incorrect response(s) following a keyboard reset.

Record Number: 3
Source Name: i8042prt
Time Written: 20100828091706.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: PAL
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20100828165010.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAL
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20100828165010.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAL
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20100828164708.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAL
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20100828164708.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAL
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100828164706.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


and now the log:



Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-09-12 16:43:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (51%) free of 45 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:44:28, on 12/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\E70832\06A4DE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\My Documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.yahoo.com/web
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [06A4DE] C:\WINDOWS\system32\E70832\06A4DE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: 06A4DE.lnk = C:\WINDOWS\system32\E70832\06A4DE.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Shortcut to sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Anonymous user
12 Sept. 2010 at 13:37
Hello,

You're infected with a Worm.Autoit, visible here:

O4 - HKLM\..\Run: [06A4DE] C:\WINDOWS\system32\E70832\06A4DE.EXE

#####


Download UsbFix to your desktop

Connect your external data sources (USB key, external hard drive, etc.) that may have been infected to your PC, without opening them

# Double-click UsbFix.exe on your desktop.

# Choose Deletion

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: the UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial: https://www.malekal.com/usbfix-supprimer-virus-usb/
Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
chouros Posts: 30 Registration date: Sunday 21 March 2010 Status: Member Last seen: 16 April 2013
14 Sept. 2010 at 14:32
Hello, here is the report:

############################## | UsbFix 7.024 | [Deletion]

User: Admin (Administrator) # PAL [ ]
Updated 09/09/10 by El Desaparecido / C_XX
Started at 13:07:13 | 14/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Turion(tm) 64 Mobile Technology MT-34
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 7.0.5730.11

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.7.844 [VPS 0622-2] 4.7.844 [Enabled | (!) Outdated]
RAM -> 1535 Mb
C:\ (%systemdrive%) -> Fixed drive # 44 Gb (23 Mb free - 53%) [] # NTFS
D:\ -> Fixed drive # 29 Gb (17 Mb free - 60%) [DATA] # FAT32
E:\ -> CD-ROM
F:\ -> Removable drive # 496 Mb (375 Mb free - 76%) [] # FAT32
G:\ -> CD-ROM
H:\ -> Fixed drive # 596 Gb (334 Mb free - 56%) [STOREX] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\DOCUME~1\Admin\LOCALS~1\Temp\E_N4
Deleted ! F:\Autorun.inf
Deleted ! H:\Autorun.inf
Deleted ! F:\kqdok.pif
Deleted ! F:\Recycle.exe
Deleted ! H:\Recycle.exe
Deleted ! H:\Recycled.exe
Deleted ! H:\System Volume Information.exe
Deleted ! C:\Documents and Settings\Admin\My Documents\à ranger\ambassade.exe
Deleted ! C:\WINDOWS\system32\E70832\06A4DE.EXE
Deleted ! F:\css2.exe
Deleted ! F:\sagi.exe
Deleted ! F:\ambassade.exe
Not deleted ! F:\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\à faire.exe
Not deleted ! F:\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\for internet.exe
Deleted ! F:\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\à faire.exe
Deleted ! F:\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\chapterIII photoshop\..\for internet.exe
Deleted ! H:\System Volume Information\_restore{BC50B55B-B016-4686-BFF4-4BF3C4F5A51C}\RP32\A0021892.exe
Deleted ! H:\System Volume Information\_restore{BC50B55B-B016-4686-BFF4-4BF3C4F5A51C}\RP32\A0021894.exe
Deleted ! H:\multimédia.exe
Deleted ! H:\zodijak.exe

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## | Mountpoints2 |


################## | Listing |

[28/08/2010 - 16:50:53 | A | 0] C:\AUTOEXEC.BAT
[13/09/2010 - 14:16:04 | RASHD ] C:\Autorun.inf
[28/08/2010 - 16:34:28 | RSH | 211] C:\boot.ini
[28/08/2010 - 16:50:53 | A | 0] C:\CONFIG.SYS
[29/08/2010 - 01:39:20 | D ] C:\Documents and Settings
[28/08/2010 - 16:50:53 | RASH | 0] C:\IO.SYS
[28/08/2010 - 16:50:53 | RASH | 0] C:\MSDOS.SYS
[03/08/2004 - 05:00:00 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 05:00:00 | RASH | 250032] C:\ntldr
[14/09/2010 - 11:34:02 | ASH | 2145386496] C:\pagefile.sys
[13/09/2010 - 14:28:40 | RD ] C:\Program Files
[14/09/2010 - 13:40:53 | SHD ] C:\RECYCLER
[12/09/2010 - 16:38:09 | D ] C:\rsit
[28/08/2010 - 16:57:11 | SHD ] C:\System Volume Information
[14/09/2010 - 13:40:56 | D ] C:\UsbFix
[14/09/2010 - 13:40:51 | A | 2635] C:\UsbFix.txt
[13/09/2010 - 14:04:04 | D ] C:\WINDOWS
[21/09/2006 - 16:24:26 | SHD ] D:\System Volume Information
[29/06/2010 - 08:04:32 | SHD ] D:\Recycled
[13/09/2010 - 14:16:08 | RASHD ] D:\Autorun.inf
[07/09/2010 - 10:22:14 | ASH | 12288] D:\Thumbs.db
[07/06/2009 - 16:26:48 | D ] D:\multimédia
[16/08/2010 - 07:50:44 | HD ] F:\css2
[06/09/2010 - 16:35:36 | HD ] F:\sagi
[01/09/2010 - 07:42:30 | HD ] F:\à faire
[15/07/2010 - 08:17:18 | HD ] F:\for internet
[10/08/2010 - 18:25:34 | HD ] F:\ambassade
[09/09/2010 - 10:59:00 | AH | 4096] F:\._.Trashes
[24/08/2010 - 18:22:40 | HD ] F:\zodijak
[09/09/2010 - 10:59:00 | HD ] F:\.Trashes
[09/09/2010 - 10:59:00 | HD ] F:\.fseventsd
[08/09/2010 - 12:30:18 | RSHD ] F:\GOLAC
[09/09/2010 - 10:59:00 | HD ] F:\.Spotlight-V100
[09/09/2010 - 10:59:14 | HD ] F:\.TemporaryItems
[08/09/2010 - 13:30:02 | A | 14230] F:\zoom sagi.txt
[27/08/2010 - 10:30:32 | D ] F:\Favorites
[28/08/2010 - 06:33:50 | D ] F:\chapterIII photoshop
[09/09/2010 - 10:59:14 | AH | 4096] F:\._.TemporaryItems
[06/09/2010 - 12:32:58 | D ] F:\emails a envoyer
[25/07/2009 - 12:59:02 | HD ] H:\multimédia
[29/07/2009 - 23:29:24 | SHD ] H:\Recycled
[18/11/2009 - 18:10:30 | HD ] H:\System Volume Information
[22/08/2010 - 22:13:30 | HD ] H:\zodijak

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PAL.zip
Thank you for your contribution.

################## | E.O.F |


Apparently there is nothing left of this worm.

Thanks again
0
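As an added illustration, not part of this thread and not code from UsbFix, here is a small Python script that reads UsbFix-style listing lines (the `[date - time | ATTRS | size] path` format in the report above) and flags the two things visible in that report: an `.exe` sitting next to a hidden folder of the same name (`F:\css2` + `F:\css2.exe`, `H:\Recycled` + `H:\Recycled.exe`, `H:\zodijak` + `H:\zodijak.exe`), and the state of `Autorun.inf` at each drive root (a file is the worm's launcher; a read-only, system, hidden folder is the "vaccine" UsbFix creates). The listing it runs on is constructed from lines of the report above plus made-up file lines for the executables that the report had already deleted; the dates and sizes of those made-up lines are assumptions.

```python
import re
from pathlib import PureWindowsPath

# A UsbFix listing line, as seen in the report above:
#   [dd/mm/yyyy - hh:mm:ss | ATTRS | size] path   (file)
#   [dd/mm/yyyy - hh:mm:ss | ATTRS ] path         (directory, "D" in ATTRS)
LISTING_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<attrs>[A-Z]*) ?(?:\| (?P<size>\d+))?\] (?P<path>.+)$"
)

# Constructed sample: real listing lines from the report plus assumed
# pre-cleanup file lines (the .exe twins and the F:\Autorun.inf file).
SAMPLE_LISTING = r"""
[13/09/2010 - 14:16:04 | RASHD ] C:\Autorun.inf
[07/09/2010 - 10:22:14 | ASH | 12288] D:\Thumbs.db
[16/08/2010 - 07:50:44 | HD ] F:\css2
[10/09/2010 - 09:00:00 | A | 126976] F:\css2.exe
[09/09/2010 - 09:00:00 | RASH | 67] F:\Autorun.inf
[28/08/2010 - 06:33:50 | D ] F:\chapterIII photoshop
[29/07/2009 - 23:29:24 | SHD ] H:\Recycled
[10/09/2010 - 09:00:01 | ASH | 126976] H:\Recycled.exe
[22/08/2010 - 22:13:30 | HD ] H:\zodijak
[10/09/2010 - 09:00:02 | A | 126976] H:\zodijak.exe
"""


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        attrs = set(m.group("attrs"))
        entries.append({
            "path": m.group("path"),
            "attrs": attrs,
            "is_dir": "D" in attrs,
            "size": int(m.group("size")) if m.group("size") else None,
        })
    return entries


def find_folder_impersonators(entries):
    """Flag every .exe whose name equals a sibling directory's name.

    This is the folder-impersonation trick from the report: the worm hides
    the real folder and drops a same-named .exe (with a folder icon) beside it.
    """
    dirs = {}
    for e in entries:
        if e["is_dir"]:
            p = PureWindowsPath(e["path"])
            dirs[(str(p.parent).lower(), p.name.lower())] = e
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        p = PureWindowsPath(e["path"])
        if p.suffix.lower() != ".exe":
            continue
        twin = dirs.get((str(p.parent).lower(), p.stem.lower()))
        if twin is not None:
            hits.append({
                "exe": e["path"],
                "folder": twin["path"],
                "folder_hidden": "H" in twin["attrs"],
            })
    return hits


def autorun_status(entries):
    """Classify each drive root by its Autorun.inf entry.

    'autorun-file'   : a real Autorun.inf file (what the worm plants)
    'vaccinated'     : a read-only/system/hidden Autorun.inf folder (UsbFix vaccine)
    'folder-present' : an Autorun.inf folder without the protective attributes
    'unprotected'    : no Autorun.inf entry at the root at all
    """
    status = {}
    drives = set()
    for e in entries:
        p = PureWindowsPath(e["path"])
        drives.add(p.drive.upper())
        if p.name.lower() != "autorun.inf" or p.parent != PureWindowsPath(p.anchor):
            continue
        if e["is_dir"] and {"R", "S", "H"} <= e["attrs"]:
            status[p.drive.upper()] = "vaccinated"
        elif e["is_dir"]:
            status[p.drive.upper()] = "folder-present"
        else:
            status[p.drive.upper()] = "autorun-file"
    for d in drives:
        status.setdefault(d, "unprotected")
    return status


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for hit in find_folder_impersonators(entries):
        print("suspect:", hit["exe"], "impersonates", hit["folder"],
              "(hidden)" if hit["folder_hidden"] else "")
    for drive, state in sorted(autorun_status(entries).items()):
        print(drive, state)
```

On the constructed listing this reports the three `.exe` twins (`F:\css2.exe`, `H:\Recycled.exe`, `H:\zodijak.exe`), each next to a hidden folder, and shows `C:` as vaccinated, `F:` as carrying a real `Autorun.inf` file, and `D:` and `H:` as unprotected. The same two checks are what you would re-run on a second report to confirm the cleanup: no twins left, and every root showing "vaccinated".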

Anonymous user
14 Sept. 2010 at 16:53
Hello,

Redo an RSIT scan and post log.txt please
0
chouros Posts: 30 Registration date: Sunday 21 March 2010 Status: Member Last seen: 16 April 2013
16 Sept. 2010 at 12:08
Hi,
I had forgotten to mention that I had manually deleted the infected files that had not been deleted in the previous post but that were listed by the software.

Well, I redid a scan and here is what it gives:

############################## | UsbFix 7.024 | [Deletion]

User: Admin (Administrator) # PAL [ ]
Updated 09/09/10 by El Desaparecido / C_XX
Started at 07:50:11 | 16/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Turion(tm) 64 Mobile Technology MT-34
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 7.0.5730.11

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.7.844 [VPS 0622-2] 4.7.844 [Enabled | (!) Outdated]
RAM -> 1535 Mb
C:\ (%systemdrive%) -> Fixed drive # 44 Gb (24 Mb free - 55%) [] # NTFS
D:\ -> Fixed drive # 29 Gb (17 Mb free - 60%) [DATA] # FAT32
E:\ -> CD-ROM
F:\ -> Removable drive # 496 Mb (378 Mb free - 76%) [] # FAT32
G:\ -> CD-ROM
H:\ -> Fixed drive # 596 Gb (333 Mb free - 56%) [STOREX] # FAT32

################## | Files # Infected Folders |


################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[28/08/2010 - 16:50:53 | A | 0] C:\AUTOEXEC.BAT
[14/09/2010 - 13:41:02 | RASHD ] C:\Autorun.inf
[28/08/2010 - 16:34:28 | RSH | 211] C:\boot.ini
[28/08/2010 - 16:50:53 | A | 0] C:\CONFIG.SYS
[29/08/2010 - 01:39:20 | D ] C:\Documents and Settings
[28/08/2010 - 16:50:53 | RASH | 0] C:\IO.SYS
[28/08/2010 - 16:50:53 | RASH | 0] C:\MSDOS.SYS
[03/08/2004 - 05:00:00 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 05:00:00 | RASH | 250032] C:\ntldr
[16/09/2010 - 07:38:36 | ASH | 2145386496] C:\pagefile.sys
[16/09/2010 - 07:45:16 | D ] C:\Program Files
[16/09/2010 - 07:53:30 | SHD ] C:\RECYCLER
[12/09/2010 - 16:38:09 | D ] C:\rsit
[28/08/2010 - 16:57:11 | SHD ] C:\System Volume Information
[16/09/2010 - 07:53:30 | D ] C:\UsbFix
[16/09/2010 - 07:53:32 | A | 924] C:\UsbFix.txt
[14/09/2010 - 13:42:00 | A | 21452740] C:\UsbFix_Upload_Me_PAL.zip
[15/09/2010 - 20:58:34 | D ] C:\WINDOWS
[21/09/2006 - 16:24:26 | SHD ] D:\System Volume Information
[29/06/2010 - 08:04:32 | SHD ] D:\Recycled
[14/09/2010 - 13:41:04 | RASHD ] D:\Autorun.inf
[07/09/2010 - 10:22:14 | ASH | 12288] D:\Thumbs.db
[07/06/2009 - 16:26:48 | D ] D:\multimédia
[06/09/2010 - 16:35:36 | D ] F:\sagi
[01/09/2010 - 07:42:30 | D ] F:\à faire
[14/09/2010 - 13:41:04 | RASHD ] F:\Autorun.inf
[09/09/2010 - 10:59:00 | AH | 4096] F:\._.Trashes
[14/09/2010 - 17:11:18 | A | 14108] F:\Bonjour.docx
[09/09/2010 - 10:59:00 | HD ] F:\.Trashes
[09/09/2010 - 10:59:00 | HD ] F:\.fseventsd
[08/09/2010 - 12:30:18 | RSHD ] F:\GOLAC
[09/09/2010 - 10:59:00 | HD ] F:\.Spotlight-V100
[09/09/2010 - 10:59:14 | HD ] F:\.TemporaryItems
[08/09/2010 - 13:30:02 | A | 14230] F:\zoom sagi.txt
[27/08/2010 - 10:30:32 | D ] F:\Favorites
[28/08/2010 - 06:33:50 | D ] F:\chapterIII photoshop
[14/09/2010 - 17:23:14 | A | 3044086] F:\Alliance Bazaar Planet Nepal.pdf
[09/09/2010 - 10:59:14 | AH | 4096] F:\._.TemporaryItems
[06/09/2010 - 12:32:58 | D ] F:\emails a envoyer
[25/07/2009 - 12:59:02 | AD ] H:\multimédia
[29/07/2009 - 23:29:24 | SHD ] H:\Recycled
[18/11/2009 - 18:10:30 | HD ] H:\System Volume Information
[14/09/2010 - 13:41:56 | RASHD ] H:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PAL.zip
Thank you for your contribution.

################## | E.O.F |

Everything looks spotless now.

Thanks again
0