VBS infection
Posted: 10 Sep 2009, 10:29

Hello,
My portable hard drive is infected by VBS. Avast detects it but cannot remove it.
What should I do?
Thanks in advance.
Attached is the UsbFix report.
############################## | UsbFix V6.029 |
User : Nathanaëlle (Administrateurs) # ORDI-FIXE
Update on 09/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 10:05:42 | 10/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 687,03 Go (424,03 Go free) [HP] # NTFS
D:\ -> Disque fixe local # 11,61 Go (1,55 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque fixe local # 298,08 Go (86,29 Go free) # NTFS
############################## | Processus actifs |
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\SysWOW64\svchost.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files (x86)\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
################## | Fichiers # Dossiers infectieux |
Présent ! K:\.MS32DLL.dll.vbs
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\F
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Sys.exe
HKCU\..\..\Explorer\MountPoints2\K
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Sys.exe
HKCU\..\..\Explorer\MountPoints2\{34439ebb-d58b-11dd-984a-0022151860f9}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Sys.exe
HKCU\..\..\Explorer\MountPoints2\{54a8cdc3-949b-11de-bdd7-0022151860f9}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Sys.exe
HKCU\..\..\Explorer\MountPoints2\{617b7428-97a5-11de-9357-0022151860f9}
shell\AutoRun\command =F:\StartPortableApps.exe
HKCU\..\..\Explorer\MountPoints2\{b0bdc673-a32f-11dd-bec7-0022151860f9}
shell\AutoRun\command =K:\setupSNK.exe
HKCU\..\..\Explorer\MountPoints2\{f0ba4419-ea13-11dd-84c1-0022151860f9}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
HKCU\..\..\Explorer\MountPoints2\{f477e687-a2bd-11dd-913a-0022151860f9}
shell\AutoRun\command =J:\setupSNK.exe
################## | ! Fin du rapport # UsbFix V6.029 ! |