Virus anna I liebe you-- milk@3
Solved/Closed
daly260 - 22 Oct. 2009 at 14:54
abdel31 - 26 Aug. 2010 at 06:08
15 replies
Anonymous user
22 Oct. 2009 at 14:56
Hi,
• Download UsbFix to your desktop.
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
https://www.androidworld.fr/
http://www.commentcamarche.net/telecharger/telecharger-34066197-usbfix
(!) Plug into your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them.
• Double-click "UsbFix.exe" on your desktop.
• Choose option F for French and press [Enter].
• Choose option 1 ("Recherche", i.e. Search) and press [Enter].
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
daly260
22 Oct. 2009 at 15:56
Ah, that's great!!
I no longer have this anna I liebe you virus at the top of my window!
Thank you very much!!
daly260
22 Oct. 2009 at 15:13
############################## | UsbFix V6.043 |
User : Dalila (Administrateurs) # UNICORNI-4A3F81
Update on 21/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:09:20 | 22/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local # 55,88 Go (46,82 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 3,76 Go (3,2 Go free) [DALILA] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
C:\autorun.inf
################## | Registre # Clés Run infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{2df3f56a-acdd-11de-92a4-001167000000}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{46ea35a8-9cb0-11de-926a-001167000000}
Shell\AutoRun\command =E:\start.exe
HKCU\..\..\Explorer\MountPoints2\{ba90296c-a6c7-11de-928f-001167000000}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe"
26/04/2005 12:15 |Size 258048 |Crc32 43272192 |Md5 163f714859c9a6b09b8c901d43f9d745
################## | ! Fin du rapport # UsbFix V6.043 ! |
Anonymous user
22 Oct. 2009 at 15:17
(!) Plug into your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them.
• Double-click "UsbFix.exe" on your desktop.
• Choose option F for French and press [Enter].
• Choose option 2 ("Suppression", i.e. Removal) and press [Enter].
• Your desktop will disappear and the PC will restart.
• On restart, UsbFix will scan your PC; let the tool work.
• Then post the UsbFix.txt report that appears along with the desktop.
• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
daly260
22 Oct. 2009 at 15:28
I can't find usbfix on my desktop; should I download it again and follow the second step?
Anonymous user
22 Oct. 2009 at 15:28
YES, download it again in that case, and yes, go straight to option 2.
Anonymous user
22 Oct. 2009 at 15:57
You're welcome ;)
If you have no other problems, please change the topic status to solved.
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
Hello,
I have the same virus; here is my report, and thank you very much for your help.
############################## | UsbFix V6.074 |
User : perso (Administrateurs) # RELATIONPUBLIQU
Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:10:13 | 18/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.736 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]9.0.0.736
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 78,24 Go (58,81 Go free) [System] # NTFS
D:\ -> Disque fixe local # 70,81 Go (4,06 Go free) [Datas] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 3,73 Go (2 Go free) # FAT32
G:\ -> Disque amovible # 124 Mo (1,91 Mo free) # FAT32
############################## | Processus actifs |
################## | Elements infectieux |
C:\autorun.inf
F:\autorun.inf
F:\kubernesis.vbe
G:\autorun.inf
################## | Registre |
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{69b949ee-6091-11de-bbab-001d92844d87}
Shell\AutoRun\command =F:\w9hw8.exe
Shell\open\Command =F:\w9hw8.exe
HKCU\..\..\Explorer\MountPoints2\{69b949f2-6091-11de-bbab-001d92844d87}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{6d6d78fe-5fda-11de-bba8-001d92844d87}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{78243390-7519-11de-bbc4-001d92844d87}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{80b4f77a-63c1-11de-bbb2-001d92844d87}
Shell\AutoRun\command =F:\mranjm.exe
Shell\open\Command =F:\mranjm.exe
HKCU\..\..\Explorer\MountPoints2\{911c26f3-faa6-11de-bc39-001d92844d87}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{911c26f4-faa6-11de-bc39-001d92844d87}
Shell\AutoRun\command =F:\mbdm.exe
Shell\open\Command =F:\mbdm.exe
HKCU\..\..\Explorer\MountPoints2\{a914b84d-fdc8-11de-bc3b-001d92844d87}
Shell\AutoRun\command =F:\8xcrbho6.exe
Shell\open\Command =F:\8xcrbho6.exe
################## | Cracks > Keygens > Serials |
################## | ! Fin du rapport # UsbFix V6.074 ! |
Zorrocom
12 Dec. 2009 at 09:24
############################## | UsbFix V6.061 |
User : zoheir (Administrateurs) # WXPJEB
Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 09:18:33 | 12/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
C:\ -> Disque fixe local # 9,77 Go (674,88 Mo free) # NTFS
D:\ -> Disque fixe local # 455,99 Go (704,37 Mo free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 7,45 Go (5,3 Go free) [STORE N GO] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 632
C:\WINDOWS\system32\csrss.exe 680
C:\WINDOWS\system32\winlogon.exe 704
C:\WINDOWS\system32\services.exe 748
C:\WINDOWS\system32\lsass.exe 760
C:\WINDOWS\system32\svchost.exe 916
C:\WINDOWS\system32\svchost.exe 984
C:\WINDOWS\System32\svchost.exe 1080
C:\WINDOWS\system32\svchost.exe 1120
C:\WINDOWS\system32\svchost.exe 1192
C:\WINDOWS\system32\svchost.exe 1280
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1396
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1468
C:\WINDOWS\Explorer.EXE 1640
C:\WINDOWS\system32\igfxtray.exe 1712
C:\WINDOWS\system32\igfxpers.exe 1728
C:\WINDOWS\RTHDCPL.EXE 1736
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1752
C:\WINDOWS\System32\WScript.exe 1812
C:\WINDOWS\System32\WScript.exe 1840
C:\Program Files\Nouvelle Cible Studio\Wake Up Stand Up Réveil\wusur.exe 1872
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 1904
C:\WINDOWS\system32\ctfmon.exe 1912
C:\Program Files\Internet Download Manager\IDMan.exe 1924
C:\Program Files\Messenger\msmsgs.exe 1932
C:\DOCUME~1\zoheir\LOCALS~1\Temp\mrt1.tmp\stdrt.exe 1992
C:\WINDOWS\System32\WScript.exe 2012
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe 128
C:\WINDOWS\system32\spoolsv.exe 524
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1344
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2188
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2204
C:\WINDOWS\System32\alg.exe 2776
C:\Program Files\ClubTimer\Server\ClubServer.exe 3012
C:\Program Files\ClubTimer\ClubAdmin.exe 3096
C:\Program Files\Internet Explorer\iexplore.exe 2620
C:\Program Files\Windows Live\Toolbar\wltuser.exe 2412
C:\Program Files\VideoLAN\VLC\vlc.exe 3060
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3460
C:\WINDOWS\system32\wbem\wmiprvse.exe 2744
################## | Fichiers # Dossiers infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\autorun.inf
C:\kubernesis.vbe
D:\autorun.inf
D:\kubernesis.vbe
G:\kubernesis.vbe
G:\vcuwf.pif
################## | Registre # Clés infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\G
Shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{39008ec2-ce47-11de-b2f9-001a4d994793}
Shell\AutoRun\command =F:\hjvjte.exe
Shell\open\Command =F:\hjvjte.exe
HKCU\..\..\Explorer\MountPoints2\{450685f2-e12a-11de-b555-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{4c6de74d-e51a-11de-b55f-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{50165e35-da59-11de-b547-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{58a40ccb-dadc-11de-b548-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{7afcc491-c2d2-11de-b2d3-001a4d994793}
Shell\AutoRun\command =F:\zPharaoh.exe
Shell\explore\command =F:\zPharaoh.exe
Shell\open\command =F:\zPharaoh.exe
HKCU\..\..\Explorer\MountPoints2\{7c76325e-e203-11de-b557-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{85810a09-d018-11de-b2ff-001a4d994793}
Shell\AutoRun\command =F:\RunVer.exe
Shell\explore\Command =F:\RunVer.exe e
Shell\open\Command =F:\RunVer.exe e
HKCU\..\..\Explorer\MountPoints2\{e00a740e-dbe5-11de-b549-001a4d994793}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
################## | Cracks / Keygens / Serials |
"D:\Reparations\A-One FLV to AVI MPEG WMV 3GP MP4 iPod Converter v3.9 [H3X4 Serial][h33t][matt14]\flv2video_converter.exe"
02/12/2007 03:40 |Size 3968989 |Crc32 300770de |Md5 7f574306add4959b27f97ed4efbd8265
"D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\s2kdos.exe"
15/06/2004 11:00 |Size 19932 |Crc32 66ecc349 |Md5 6643384b3886aef0ab574011318e3635
"D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\serial2k.exe"
15/06/2004 11:00 |Size 205312 |Crc32 c803e522 |Md5 7fa98409b7f4d89953b52f6e90738cd0
"D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\unins000.exe"
25/04/2004 19:07 |Size 47815 |Crc32 2f403942 |Md5 dce4e4e74a71b539c7e08fc9a7c115b1
"D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe"
15/06/2004 11:00 |Size 92640 |Crc32 ad8039a3 |Md5 241214acef6e1415b897e33a4ee1788d
"D:\CHAT\antivirus nod32_ 2.7 FRENCH + crack.zip"
-> Contain : nod32_nod32_2.7_francais_21922\ESET[1].NOD32.v2.70.23.WinNT2K2K3XP.Cracked-FYN\ESET.NOD32.v2.70.23.WinNT2K2K3XP.Cracked-FYN\NOD32.patch\NOD32.patch\NOD32.FiX.v2.1.exe
"D:\CHAT\antivirus nod32_ 2.7 FRENCH + crack.zip"
-> Contain : nod32_nod32_2.7_francais_21922\NOD32_pour_Windows_NT-2000-XP-64bits-Vista.exe
"G:\Setup\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\ZumaSetup.exe
"G:\Setup\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe
################## | ! Fin du rapport # UsbFix V6.061 ! |
############################## | UsbFix V6.084 |
User : sidou (Administrateurs) # SERVER
Update on 01/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:13:13 | 01/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
AV : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local # 39,06 Go (21,08 Go free) # NTFS
D:\ -> Disque fixe local # 35,46 Go (31,15 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 283,48 Mo (0 Mo free) [Mon disque] # CDFS
############################## | Processus actifs |
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
d:\program files\avira\antivir personaledition classic\avcenter.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Elements infectieux |
D:\DOCUME~1\sidou\LOCALS~1\Temp\nerodeltmp.exe
C:\autorun.inf
D:\autorun.inf
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{c83807c6-0f2a-11df-bdde-806d6172696f}
Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{c83807c7-0f2a-11df-bdde-806d6172696f}
Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
################## | ! Fin du rapport # UsbFix V6.084 ! |
Thanks in advance for whatever you can do about kubernesis.
############################## | UsbFix V6.092 |
User : MAXIME (Administrateurs) # SANTARD
Update on 07/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:11:24 | 07/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Mobile AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007
C:\ -> Disque fixe local # 68,91 Go (1,79 Go free) # NTFS
D:\ -> Disque fixe local # 5,6 Go (928,4 Mo free) [PRESARIO_RP] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 7,45 Go (7,44 Go free) [USB DISK] # FAT32
G:\ -> Disque amovible # 245,84 Mo (192,18 Mo free) [MAX KEY] # FAT
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Elements infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\WINDOWS\System32\wshost32.exe
C:\autorun.inf
C:\kubernesis.vbe
C:\autorun.inf
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859\Desktop.ini
C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859
D:\autorun.inf
D:\kubernesis.vbe
D:\autorun.inf
F:\autorun.inf
F:\kubernesis.vbe
F:\autorun.inf
G:\autorun.inf
G:\kubernesis.vbe
G:\autorun.inf
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "13CFG914-K641-26SF-N31P"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{2d7c37bf-cb3a-11db-84ad-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{43c25e9c-ca79-11dc-85f1-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{4e555d66-8d95-11dd-8691-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLEMGR\autorun.exe
Shell\open\command =F:\RECYCLEMGR\autorun.exe
HKCU\..\..\Explorer\MountPoints2\{55fedff6-4233-11db-83bb-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{598c1a26-2440-11dd-8650-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe
HKCU\..\..\Explorer\MountPoints2\{5daf10cf-44bf-11dc-855e-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
HKCU\..\..\Explorer\MountPoints2\{7a9fe674-4738-11dc-855f-000a9416f27c}
Shell\Auto\command =sxs.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
HKCU\..\..\Explorer\MountPoints2\{7c464b2e-d42a-11dc-85fc-000a9416f27c}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
HKCU\..\..\Explorer\MountPoints2\{7e72d42c-701a-11dc-8596-000a9416f27c}
Shell\AutoRun\command =F:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{8c47c84c-0d52-11de-8721-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
HKCU\..\..\Explorer\MountPoints2\{91a20224-9ce4-11dc-85be-000a9416f27c}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
HKCU\..\..\Explorer\MountPoints2\{95db889d-837c-11db-842b-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{9846336e-5a82-11dd-8671-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{ae627798-a4e3-11de-8775-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
HKCU\..\..\Explorer\MountPoints2\{ae867e28-f379-11dd-870f-000a9416f27c}
Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
HKCU\..\..\Explorer\MountPoints2\{c3c157e5-ff97-11de-87d6-000a9416f27c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{efe536a3-0b3c-11db-835a-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.092 ! |
bonobel
2 March 2010 at 01:16
Thanks for helping me out :)
############################## | UsbFix V6.097 |
User : BONO (Administrateurs) # HOME
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 00:57:49 | 02/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 14,64 Go (9,37 Go free) # FAT32
D:\ -> Disque fixe local # 29,29 Go (22,9 Go free) # NTFS
E:\ -> Disque fixe local # 29,28 Go (11,13 Go free) # FAT32
F:\ -> Disque fixe local # 41,24 Go (37,62 Go free) # NTFS
G:\ -> Disque CD-ROM
I:\ -> Disque fixe local # 77,64 Go (3,92 Go free) # NTFS
J:\ -> Disque fixe local # 71,41 Go (65,5 Go free) # NTFS
############################## | Processus actifs |
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Athan\Athan.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
################## | Elements infectieux |
C:\autorun.inf
C:\kubernesis.vbe
D:\autorun.inf
D:\kubernesis.vbe
E:\autorun.inf
E:\kubernesis.vbe
F:\autorun.inf
F:\kubernesis.vbe
I:\autorun.inf
I:\kubernesis.vbe
J:\autorun.inf
J:\kubernesis.vbe
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{047fe948-2555-11df-b6e4-001485e1f78a}
Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{047fe949-2555-11df-b6e4-001485e1f78a}
Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.097 ! |
ricob29
3 April 2010 at 12:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:17, on 03/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\USB_HD\Change Icon\ChangeIcon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Change Icon] C:\Program Files\USB_HD\Change Icon\ChangeIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/56.11/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/51.28/uploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # HPDX2400
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:47:13 | 09/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Total Protection 4.9.0.340 [ (!) Disabled | (!) Outdated ]
AV : avast! antivirus 4.8.1368 [VPS 100409-0] 4.8.1368 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local # 139,03 Go (102,1 Go free) [Systeme] # NTFS
D:\ -> Disque fixe local # 10 Go (6,2 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local # 149,05 Go (110,63 Go free) [Travaux] # NTFS
K:\ -> Disque fixe local # 465,76 Go (212,83 Go free) [Disque Externe] # NTFS
################## | Elements infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\WINDOWS\System32\autorun.ini
C:\autorun.inf
C:\kubernesis.vbe
C:\system32
D:\autorun.inf
D:\kubernesis.vbe
J:\autorun.inf
J:\kubernesis.vbe
K:\autorun.inf
K:\kubernesis.vbe
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo Messengger"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{08ba6c79-1bf2-11df-9392-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{493908af-59c2-11df-93be-00215a74f5a8}
Shell\AutoRun\command =system32/rundll.exe
Shell\explore\command =system32/rundll.exe
Shell\open\command =system32/rundll.exe
HKCU\..\..\Explorer\MountPoints2\{7420d898-e056-11de-9339-00215a74f5a8}
Shell\AutoRun\command =K:\sidali406.exe
Shell\explore\command =K:\sidali406.exe
Shell\Open\command =K:\sidali406.exe
HKCU\..\..\Explorer\MountPoints2\{79d5bb73-bfa7-11de-92e8-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{c3ca088b-2b4c-11de-835a-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{cd23a352-b25c-11de-925f-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{d429b1fc-7793-11de-83f0-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{d429b201-7793-11de-83f0-00215a74f5a8}
Shell\AutoRun\command =Qjkcym.eXE
Shell\OPen\comMand =qJkCyM.eXe
HKCU\..\..\Explorer\MountPoints2\{e8cee2fd-20bb-11df-9398-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{f089c540-7f5f-11de-83fe-00215a74f5a8}
Shell\AutoRun\command =K:\kbxMrw.ExE
Shell\OPEN\CoMmand =K:\kBXMRw.eXE
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.101 ! |
I have the same problem. I carried out the same steps, but I don't understand where I'm supposed to post. Here is the report.
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # HPDX2400
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:59:16 | 09/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Total Protection 4.9.0.340 [ (!) Disabled | (!) Outdated ]
AV : avast! antivirus 4.8.1368 [VPS 100409-0] 4.8.1368 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local # 139,03 Go (102,09 Go free) [Systeme] # NTFS
D:\ -> Disque fixe local # 10 Go (6,2 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local # 149,05 Go (110,63 Go free) [Travaux] # NTFS
K:\ -> Disque fixe local # 465,76 Go (212,83 Go free) [Disque Externe] # NTFS
################## | Elements infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\WINDOWS\System32\autorun.ini
C:\autorun.inf
C:\kubernesis.vbe
C:\system32
D:\autorun.inf
D:\kubernesis.vbe
J:\autorun.inf
J:\kubernesis.vbe
K:\autorun.inf
K:\kubernesis.vbe
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo Messengger"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{08ba6c79-1bf2-11df-9392-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{493908af-59c2-11df-93be-00215a74f5a8}
Shell\AutoRun\command =system32/rundll.exe
Shell\explore\command =system32/rundll.exe
Shell\open\command =system32/rundll.exe
HKCU\..\..\Explorer\MountPoints2\{7420d898-e056-11de-9339-00215a74f5a8}
Shell\AutoRun\command =K:\sidali406.exe
Shell\explore\command =K:\sidali406.exe
Shell\Open\command =K:\sidali406.exe
HKCU\..\..\Explorer\MountPoints2\{cd23a352-b25c-11de-925f-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{d429b1fc-7793-11de-83f0-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{d429b201-7793-11de-83f0-00215a74f5a8}
Shell\AutoRun\command =Qjkcym.eXE
Shell\OPen\comMand =qJkCyM.eXe
HKCU\..\..\Explorer\MountPoints2\{e8cee2fd-20bb-11df-9398-00215a74f5a8}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{f089c540-7f5f-11de-83fe-00215a74f5a8}
Shell\AutoRun\command =K:\kbxMrw.ExE
Shell\OPEN\CoMmand =K:\kBXMRw.eXE
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.101 ! |
22 Nov. 2009 at 18:02
Since I had the same problem as Daly, I carried out the same steps you described. Here is the report. Thank you for your help.
############################## | UsbFix V6.055 |
User : PAPA (Administrateurs) # JAWAD-4C7B02E30
Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 12:42:27 | 22/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1351 [VPS 091122-0] 4.8.1351 [ Enabled | Updated ]
AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]8.0.0.506
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 74,52 Go (30,02 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 3,76 Go (2,49 Go free) [L FRIDI] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 1088
C:\WINDOWS\system32\csrss.exe 1224
C:\WINDOWS\system32\winlogon.exe 1564
C:\WINDOWS\system32\services.exe 1608
C:\WINDOWS\system32\lsass.exe 1620
C:\WINDOWS\system32\svchost.exe 1796
C:\WINDOWS\system32\svchost.exe 1844
C:\WINDOWS\System32\svchost.exe 168
C:\WINDOWS\system32\svchost.exe 476
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 756
C:\Program Files\Alwil Software\Avast4\ashServ.exe 816
C:\WINDOWS\system32\spoolsv.exe 1468
C:\Program Files\AskBarDis\bar\bin\AskService.exe 1972
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe 1992
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE 252
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE 296
C:\Program Files\Java\jre6\bin\jqs.exe 388
C:\WINDOWS\system32\svchost.exe 676
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 1444
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 964
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 996
C:\WINDOWS\System32\svchost.exe 2156
C:\WINDOWS\Explorer.EXE 552
C:\WINDOWS\system32\VTTimer.exe 2100
C:\WINDOWS\system32\VTtrayp.exe 2108
C:\WINDOWS\RTHDCPL.EXE 2136
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe 2128
C:\Program Files\QuickTime\qttask.exe 2208
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2388
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe 2420
C:\Program Files\Java\jre6\bin\jusched.exe 2472
C:\WINDOWS\System32\WScript.exe 2652
C:\WINDOWS\System32\WScript.exe 2676
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 2688
C:\WINDOWS\system32\ctfmon.exe 2696
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE 2724
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2752
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe 2824
C:\WINDOWS\System32\WScript.exe 2936
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe 2964
C:\Program Files\WordWiseLookup\WordWiseLookup.exe 2992
C:\Documents and Settings\fridi\Bureau\Zoheir\Logiciel\MessengerDiscovery 2\MessengerDiscovery 2.exe 3148
C:\WINDOWS\system32\wbem\wmiprvse.exe 3868
C:\Program Files\Internet Explorer\iexplore.exe 4036
################## | Fichiers # Dossiers infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\kubernscan.vbe
C:\autorun.inf
C:\kubernesis.vbe
E:\autorun.inf
E:\kubernesis.vbe
################## | Registre # Clés infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{035eb3ff-f39c-11dd-ba0e-001921208751}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
HKCU\..\..\Explorer\MountPoints2\{3c6a8494-fb87-11dd-ba26-0650430007d0}
ShEll\AuTOplay\cOMmAnd =fyjl.cmd
ShEll\AutoRun\command =fyjl.cmd
ShEll\expLorE\cOmmand =fyjl.cmd
ShEll\oPen\coMmAnd =fyjl.cmd
HKCU\..\..\Explorer\MountPoints2\{805b0abb-4c73-11de-865e-0650430007d0}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{95cc283c-0f61-11d6-b9ed-001921208751}
Shell\AutoRun\command =wscript.exe .\.vbs
Shell\open\command =wscript.exe .\.vbs
HKCU\..\..\Explorer\MountPoints2\{9e46c2d9-9d84-11de-876a-0650430007d0}
Shell\AutoplaY\ComMAnd =E:\ydov.exe
Shell\AutoRun\command =E:\ydov.exe
Shell\explorE\CoMmand =E:\ydov.exe
Shell\open\commAND =E:\ydov.exe
HKCU\..\..\Explorer\MountPoints2\{b6f077f7-7f5c-11de-86fe-0650430007d0}
Shell\AutoRun\command =28.bat
Shell\open\Command =28.bat
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\fridi\Bureau\USB PAPA\Flash disc\LIMEWIRE\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime .zip"
Contain : Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\Java Runtime Environment.exe
"C:\Documents and Settings\fridi\Bureau\USB PAPA\Flash disc\LIMEWIRE\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime .zip"
Contain : Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWireWin.exe
"C:\Documents and Settings\fridi\Mes documents\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime .zip"
Contain : Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\Java Runtime Environment.exe
"C:\Documents and Settings\fridi\Mes documents\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime .zip"
Contain : Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWireWin.exe
################## | ! Fin du rapport # UsbFix V6.055 ! |
12 Dec. 2009 at 01:12
User : _Zoheir_ (Administrateurs) # WXPJEB
Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 01:04:15 | 12/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 9,76 Go (1,53 Go free) # FAT32
D:\ -> Disque fixe local # 133,82 Go (27,27 Go free) # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 7,45 Go (5,3 Go free) [STORE N GO] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 672
C:\WINDOWS\system32\csrss.exe 756
C:\WINDOWS\system32\winlogon.exe 780
C:\WINDOWS\system32\services.exe 824
C:\WINDOWS\system32\lsass.exe 836
C:\WINDOWS\system32\svchost.exe 1012
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\System32\svchost.exe 1100
C:\WINDOWS\system32\svchost.exe 1204
C:\WINDOWS\system32\svchost.exe 1232
C:\WINDOWS\system32\spoolsv.exe 1464
C:\WINDOWS\Explorer.EXE 1592
C:\WINDOWS\system32\ctfmon.exe 1604
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1620
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1740
D:\BTNtService.exe 1756
C:\WINDOWS\system32\svchost.exe 1936
C:\WINDOWS\system32\VTTimer.exe 264
C:\WINDOWS\system32\S3trayp.exe 272
C:\WINDOWS\vsnpstd3.exe 324
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 336
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 360
D:\Program Files\QuickTime\qttask.exe 376
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE 420
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 432
C:\Program Files\rkfree\rkfree.exe 468
C:\WINDOWS\System32\WScript.exe 500
C:\WINDOWS\System32\WScript.exe 520
C:\Program Files\uTorrent\uTorrent.exe 556
C:\Program Files\Software Informer\softinfo.exe 580
D:\zahra couture broderie\active synch\wcescomm.exe 620
D:\Program Files\Internet Download Manager\IDMan.exe 664
D:\BlueSoleil.exe 400
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 840
d:\ZAHRAC~1\ACTIVE~1\rapimgr.exe 1168
C:\WINDOWS\System32\WScript.exe 1352
C:\WINDOWS\System32\alg.exe 2140
D:\Program Files\Internet Download Manager\IEMonitor.exe 2400
C:\WINDOWS\system32\wuauclt.exe 2700
C:\WINDOWS\system32\wbem\wmiprvse.exe 3468
################## | Fichiers # Dossiers infectieux |
C:\WINDOWS\kubernesis.dll.vbe
C:\DOCUME~1\_Zoheir_\LOCALS~1\Temp\Ins103.tmp.exe
C:\autorun.inf
C:\kubernesis.vbe
D:\autorun.inf
D:\driver\usb
D:\kubernesis.vbe
F:\autorun.inf
F:\kubernesis.vbe
F:\vcuwf.pif
################## | Registre # Clés infectieuses |
[HKCU\SOFTWARE\Videohost]
[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Videohost"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{23e7b412-aed8-11de-9e13-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{23e7b413-aed8-11de-9e13-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
HKCU\..\..\Explorer\MountPoints2\{64c4ba9c-b076-11de-b50d-000000000000}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe
################## | Cracks / Keygens / Serials |
"D:\DU BUREAU\Hidden Object Game - Can You See What I See + Cracked.rar\akhareshe_Can_You_See_What_I_See.exe"
02/08/2008 02:08 |Size 62059008 |Crc32 56d6e430 |Md5 75a05f5089209b0682399446dea0f07f
"D:\zuma deluxe\ZUMA Deluxe + crack\ZumaSetup.exe"
18/05/2007 13:09 |Size 5930504 |Crc32 36f5d72d |Md5 3cc0a40c0aaed9cf67b6c04dca8b077c
"D:\SETUPS\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\ZumaSetup.exe
"D:\SETUPS\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe
"D:\Flash Disk_Zahra\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\ZumaSetup.exe
"D:\Flash Disk_Zahra\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe
"D:\zuma deluxe\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\ZumaSetup.exe
"D:\zuma deluxe\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe
"F:\Setup\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\ZumaSetup.exe
"F:\Setup\ZUMA Deluxe + crack.rar"
-> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe
################## | ! Fin du rapport # UsbFix V6.061 ! |
12 Dec. 2009 at 11:34
I also have the Anna virus...
Can you help me?
Here is the UsbFix report.
Regards
############################## | UsbFix V6.061 |
User : Caisse (Administrateurs) # REZ-69FBB797B6A
Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 10:05:25 | 12/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : PC Tools AntiVirus 6.0.0.19 6.0.0.19 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 74,34 Go (28,38 Go free) # NTFS
G:\ -> Disque CD-ROM # 65,25 Mo (0 Mo free) [HINDIGO CD] # UDF
H:\ -> Disque fixe local # 78,13 Go (46,67 Go free) [System] # NTFS
I:\ -> Disque fixe local # 154,75 Go (119,58 Go free) [Donnees] # NTFS
V:\ -> Disque amovible
W:\ -> Disque amovible
X:\ -> Disque amovible
Y:\ -> Disque amovible
Z:\ -> Disque amovible
############################## | Processus actifs |
H:\WINDOWS\System32\smss.exe 692
H:\WINDOWS\system32\csrss.exe 884
H:\WINDOWS\system32\winlogon.exe 908
H:\WINDOWS\system32\services.exe 952
H:\WINDOWS\system32\lsass.exe 964
H:\WINDOWS\system32\svchost.exe 1144
H:\WINDOWS\system32\svchost.exe 1212
H:\WINDOWS\System32\svchost.exe 1308
H:\WINDOWS\system32\svchost.exe 1428
H:\WINDOWS\system32\svchost.exe 1500
H:\WINDOWS\system32\spoolsv.exe 1708
H:\WINDOWS\Explorer.EXE 1968
H:\WINDOWS\system32\S3trayp.exe 328
H:\WINDOWS\system32\VTTimer.exe 336
H:\WINDOWS\RTHDCPL.EXE 348
H:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 416
H:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 428
H:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe 436
H:\Program Files\Canon\MyPrinter\BJMyPrt.exe 456
H:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe 504
H:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe 520
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 532
H:\Program Files\iTunes\iTunesHelper.exe 568
H:\Program Files\PC Tools AntiVirus\PCTAV.exe 580
H:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe 584
H:\WINDOWS\System32\WScript.exe 644
H:\WINDOWS\system32\ctfmon.exe 668
H:\Program Files\Windows Live\Messenger\msnmsgr.exe 684
H:\Program Files\Messenger\msmsgs.exe 192
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 708
H:\Program Files\3M\PSNLite\PsnLite.exe 1160
H:\Documents and Settings\Caisse\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 1268
H:\PROGRA~1\3M\PSNLite\PSNGive.exe 1296
H:\Program Files\OpenOffice.org 3\program\soffice.exe 1336
H:\Program Files\OpenOffice.org 3\program\soffice.bin 1444
H:\WINDOWS\system32\svchost.exe 484
H:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe 1252
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1364
H:\Program Files\Bonjour\mDNSResponder.exe 1504
H:\PVSW\Bin\WGE_SRV.exe 1648
H:\Program Files\TouchUtility\UTCServiceApp.exe 1856
H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe 1940
H:\WINDOWS\system32\svchost.exe 2244
H:\Program Files\iPod\bin\iPodService.exe 3956
H:\WINDOWS\System32\alg.exe 2080
H:\Program Files\Internet Explorer\iexplore.exe 2240
H:\Program Files\Internet Explorer\iexplore.exe 3584
H:\Program Files\Windows Media Player\wmplayer.exe 3856
H:\Program Files\EBP\PDV12.2\FrontOffice.exe 2660
H:\PVSW\Bin\W3DBSMGR.EXE 3296
H:\Program Files\Internet Explorer\iexplore.exe 4004
H:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe 1764
H:\Program Files\Windows Live\Contacts\wlcomm.exe 3076
H:\Program Files\EBP\PDV12.2\BackOffice.exe 356
H:\WINDOWS\system32\wbem\wmiprvse.exe 3472
################## | Fichiers # Dossiers infectieux |
H:\WINDOWS\winrun.dll.vbs
H:\DOCUME~1\Caisse\LOCALS~1\Temp\epurcfrver20.dll.zip
H:\autorun.inf
H:\winrun.vbs
I:\autorun.inf
I:\winrun.vbs
################## | Registre # Clés infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "officescan"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "winrun.dll"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{08e9dab8-4a19-11de-ac8e-001d927eebe6}
Shell\AutoRun\command =E:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{c5f994f4-e663-11de-ad3a-001d927eebe6}
Shell\AutoRun\command =H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
HKCU\..\..\Explorer\MountPoints2\{ec3c4e3f-5668-11de-ac9c-001d927eebe6}
Shell\AutoRun\command =C:\setupSNK.exe
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.061 ! |