Virus problem
bakojack
Hello,
Hello, friends of the internet.
My computer has been infected by two powerful viruses, namely raila odinga and full house drive. I am posting the result that HijackThis gave me. Please give me the method for eliminating all these viruses and making my computer clean.
Have a nice day.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:01, on 21/03/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauc1t.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Administrator\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\Copy of Fiche Présence_New1_New1
O4 - HKLM\..\Policies\Explorer\Run: [Task Manager] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe
O4 - HKCU\..\Policies\Explorer\Run: [Manager Task] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Copy of Fiche Présence_New1_New1.lnk = ?
O4 - Startup: CURRICULUM VITAE.lnk = ?
O4 - Startup: CV.lnk = ?
O4 - Startup: Lettre a Anthony.lnk = ?
O4 - Startup: REGLEMENT INTERIEUR.lnk = ?
O4 - Startup: ZOOMTG.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?82fbc933dd6442ce8b70c061ac40deb4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?82fbc933dd6442ce8b70c061ac40deb4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{64556C0D-B847-4D78-B910-649B889651A4}: NameServer = 41.207.177.17,41.207.160.45
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7831961-7FB5-42E5-8467-62B39053A2DC}: NameServer = 41.207.177.17,41.207.160.45
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
4 replies
Good evening,
For the raila odinga virus there is this patch: http://www.net-studio.org/software/ROPatch.rar
And if that doesn't work:
In safe mode, go to C:\Windows\System32\Driver; with the details view displayed you should see small executable programs (exe) 96 KB in size. Delete them, then, on your desktop, the program that appears as a .gif.
==================================================================
At the end of the procedure, post a new HijackThis report.
Hi,
▶ Download and install UsbFix by C_XX & Chiquitine29
▶ Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them
▶ Double-click the UsbFix shortcut on your desktop.
▶ Choose option 1 ("Recherche", search)
▶ Let the tool work.
▶ Then post the UsbFix.txt report that appears.
▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
If a report does not go through, raise an alert to the conciergerie with the yellow /!\.
Here is the report you asked me for:
############################## [ UsbFix V3.010 ]
# User : Administrator () # HR
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 14:57:24 | 22/04/2002
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# C:\ # Local Fixed Disk # 37,25 Go (18,56 Go free) [eli] # NTFS
# D:\ # CD-ROM Disc
# E:\ # Removable Disk
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\Copy of Fiche Présence_New1_New1.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauc1t.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://runonce.msn.com/?v=msgrv75"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe, \"C:\\WINDOWS\\system32\\M5VBVM60.EXE StartUp\""
HKLM_logon: "DefaultUserName"="administrator"
HKLM_logon: "AltDefaultUserName"="administrator"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: FixCamera=C:\WINDOWS\FixCamera.exe
HKLM_Run: tsnp2std=C:\WINDOWS\tsnp2std.exe
HKLM_Run: NWEReboot=
HKLM_Run: BTUSRBDG=BtUsrBdg.exe
HKLM_Run: BTSETBOOTKEY=BTSetBootKey.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
HKLM_Run: ShStatEXE="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
HKLM_Run: McAfeeUpdaterUI="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
HKLM_Run: Blank AntiViri=C:\AUT0EXEC.BAT StartUp
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Yahoo! Pager="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKCU_Run: µTorrent="C:\Documents and Settings\Administrator\Desktop\utorrent.exe"
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: MySpaceIM=C:\Program Files\MySpace\IM\MySpaceIM.exe
HKCU_Run: MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
################## [ Informations ]
# Contenu de l'autorun C:\autorun.inf
[autorun]
Open=explorer.exe
Shellexecute=explorer.exe
Shell\Auto\command=explorer.exe
Shell=Auto
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\explorer.exe
Found ! C:\autorun.inf
Found ! C:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe
################## [ Registre # Clés Run infectieuses ]
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{161eb731-49b7-11dc-a802-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{2a0654f0-dab9-11c6-a8f8-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2a0654f0-dab9-11c6-a8f8-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{5cd83c90-a3e2-11dc-a87b-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5cd83c91-a3e2-11dc-a87b-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{99d9bce0-604d-11dc-a827-08004697aa0d}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{99d9bce0-604d-11dc-a827-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9dff06b0-3cdf-11d6-a930-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9dff06b0-3cdf-11d6-a930-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{b1d2cf80-764b-11dc-a864-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{cae77011-0764-11db-91d8-806d6172696f}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{cae77011-0764-11db-91d8-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ead0ac40-40eb-11dc-a7c7-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ead0ac40-40eb-11dc-a7c7-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d84-48c8-11dc-a7ff-08004697aa0d}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d84-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d87-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{fdf4ce60-4b4b-11dc-a80a-08004697aa0d}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.010 ! ]
################## [ Registre # Clés Run infectieuses ]
Found ! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{161eb730-49b7-11dc-a802-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{161eb731-49b7-11dc-a802-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{29930050-4fc4-11dc-a815-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{2a0654f0-dab9-11c6-a8f8-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2a0654f0-dab9-11c6-a8f8-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{52bf5d90-40fa-11dc-a7cc-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{5cd83c90-a3e2-11dc-a87b-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5cd83c91-a3e2-11dc-a87b-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{887d5491-369d-11db-a66a-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{99d9bce0-604d-11dc-a827-08004697aa0d}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{99d9bce0-604d-11dc-a827-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9dff06b0-3cdf-11d6-a930-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9dff06b0-3cdf-11d6-a930-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{b1d2cf80-764b-11dc-a864-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{bfa34329-d2e0-11db-a767-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{c9977ae7-5165-11dc-a81a-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{cae77011-0764-11db-91d8-806d6172696f}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{cae77011-0764-11db-91d8-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{e3997950-547d-11dc-a81d-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ead0ac40-40eb-11dc-a7c7-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ead0ac40-40eb-11dc-a7c7-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d84-48c8-11dc-a7ff-08004697aa0d}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d84-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d85-48c8-11dc-a7ff-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{ee520d87-48c8-11dc-a7ff-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{f8dc74c1-5ba3-11dc-a822-08004697aa0d}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{fdf4ce60-4b4b-11dc-a80a-08004697aa0d}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.010 ! ]
Re,
Plug into your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them.
▶ Double-click the UsbFix shortcut on your desktop.
▶ Choose option 2 ( Suppression ).
▶ Your desktop will disappear and the PC will restart.
▶ On restart, UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report that will appear along with the desktop.
▶ Note: the UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt ).
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )