Virus anna I liebe you-- milk@3

Solved
daly260 Posts: 29 Status: Member -
 abdel31 -
Hello,
When I open a window in Windows, the phrase 'anna I liebe you-- milk3' appears at the top, in the window's title bar. I think it's a virus. How can I remove it permanently? Thanks.
Configuration: Windows XP Internet Explorer 7.0

15 replies

  1. Anonymous user
     
    Hi,

    • Download UsbFix to your desktop.

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    https://www.androidworld.fr/
    http://www.commentcamarche.net/telecharger/telecharger-34066197-usbfix

    (!) Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

    • Double-click "UsbFix.exe" on your desktop.

    • Choose option F for French and press [Enter].

    • Choose option 1 (Recherche / Search) and press [Enter].

    • Let the tool work.

    Then post the UsbFix.txt report that appears.

    • Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    • Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
    3
    1. papa
       
      Hello,
      Since I had the same problem as Daly, I carried out the same steps you described. Here is the report. Thanks for your help.

      ############################## | UsbFix V6.055 |

      User : PAPA (Administrateurs) # JAWAD-4C7B02E30
      Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 12:42:27 | 22/11/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Pentium(R) 4 CPU 3.00GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 6.0.2900.2180
      Windows Firewall Status : Enabled
      AV : avast! antivirus 4.8.1351 [VPS 091122-0] 4.8.1351 [ Enabled | Updated ]
      AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
      FW : Kaspersky Internet Security[ Enabled ]8.0.0.506

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 74,52 Go (30,02 Go free) # NTFS
      D:\ -> Disque CD-ROM
      E:\ -> Disque amovible # 3,76 Go (2,49 Go free) [L FRIDI] # FAT32

      ################## | Fichiers # Dossiers infectieux |

      C:\WINDOWS\kubernesis.dll.vbe
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\kubernscan.vbe
      C:\autorun.inf
      C:\kubernesis.vbe
      E:\autorun.inf
      E:\kubernesis.vbe

      ################## | Registre # Clés infectieuses |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"

      ################## | Registre # Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\{035eb3ff-f39c-11dd-ba0e-001921208751}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

      HKCU\..\..\Explorer\MountPoints2\{3c6a8494-fb87-11dd-ba26-0650430007d0}
      ShEll\AuTOplay\cOMmAnd =fyjl.cmd
      ShEll\AutoRun\command =fyjl.cmd
      ShEll\expLorE\cOmmand =fyjl.cmd
      ShEll\oPen\coMmAnd =fyjl.cmd

      HKCU\..\..\Explorer\MountPoints2\{805b0abb-4c73-11de-865e-0650430007d0}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{95cc283c-0f61-11d6-b9ed-001921208751}
      Shell\AutoRun\command =wscript.exe .\.vbs
      Shell\open\command =wscript.exe .\.vbs

      HKCU\..\..\Explorer\MountPoints2\{9e46c2d9-9d84-11de-876a-0650430007d0}
      Shell\AutoplaY\ComMAnd =E:\ydov.exe
      Shell\AutoRun\command =E:\ydov.exe
      Shell\explorE\CoMmand =E:\ydov.exe
      Shell\open\commAND =E:\ydov.exe

      HKCU\..\..\Explorer\MountPoints2\{b6f077f7-7f5c-11de-86fe-0650430007d0}
      Shell\AutoRun\command =28.bat
      Shell\open\Command =28.bat

      ################## | ! Fin du rapport # UsbFix V6.055 ! |
      0
    2. Zorrocom
       
      ############################## | UsbFix V6.061 |

      User : _Zoheir_ (Administrateurs) # WXPJEB
      Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 01:04:15 | 12/12/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Pentium(R) 4 CPU 3.00GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Enabled

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 9,76 Go (1,53 Go free) # FAT32
      D:\ -> Disque fixe local # 133,82 Go (27,27 Go free) # FAT32
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible # 7,45 Go (5,3 Go free) [STORE N GO] # FAT32

      ################## | Fichiers # Dossiers infectieux |

      C:\WINDOWS\kubernesis.dll.vbe
      C:\DOCUME~1\_Zoheir_\LOCALS~1\Temp\Ins103.tmp.exe
      C:\autorun.inf
      C:\kubernesis.vbe
      D:\autorun.inf
      D:\driver\usb
      D:\kubernesis.vbe
      F:\autorun.inf
      F:\kubernesis.vbe
      F:\vcuwf.pif

      ################## | Registre # Clés infectieuses |

      [HKCU\SOFTWARE\Videohost]
      [HKCU\SOFTWARE\XML]
      [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Videohost"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"

      ################## | Registre # Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\{23e7b412-aed8-11de-9e13-806d6172696f}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{23e7b413-aed8-11de-9e13-806d6172696f}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{64c4ba9c-b076-11de-b50d-000000000000}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      ################## | ! Fin du rapport # UsbFix V6.061 ! |
      0
    3. bustastar13 Posts: 1 Status: Member
       
      Hello,

      I also have the Anna virus...
      Can you help me?
      Here is the UsbFix report.

      Regards

      ############################## | UsbFix V6.061 |

      User : Caisse (Administrateurs) # REZ-69FBB797B6A
      Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 10:05:25 | 12/12/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Enabled
      AV : PC Tools AntiVirus 6.0.0.19 6.0.0.19 [ Enabled | (!) Outdated ]

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 74,34 Go (28,38 Go free) # NTFS
      G:\ -> Disque CD-ROM # 65,25 Mo (0 Mo free) [HINDIGO CD] # UDF
      H:\ -> Disque fixe local # 78,13 Go (46,67 Go free) [System] # NTFS
      I:\ -> Disque fixe local # 154,75 Go (119,58 Go free) [Donnees] # NTFS
      V:\ -> Disque amovible
      W:\ -> Disque amovible
      X:\ -> Disque amovible
      Y:\ -> Disque amovible
      Z:\ -> Disque amovible

      ################## | Fichiers # Dossiers infectieux |

      H:\WINDOWS\winrun.dll.vbs
      H:\DOCUME~1\Caisse\LOCALS~1\Temp\epurcfrver20.dll.zip
      H:\autorun.inf
      H:\winrun.vbs
      I:\autorun.inf
      I:\winrun.vbs

      ################## | Registre # Clés infectieuses |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "officescan"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "winrun.dll"

      ################## | Registre # Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\D
      Shell\AutoRun\command =D:\LaunchU3.exe -a

      HKCU\..\..\Explorer\MountPoints2\{08e9dab8-4a19-11de-ac8e-001d927eebe6}
      Shell\AutoRun\command =E:\LaunchU3.exe -a

      HKCU\..\..\Explorer\MountPoints2\{c5f994f4-e663-11de-ad3a-001d927eebe6}
      Shell\AutoRun\command =H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

      HKCU\..\..\Explorer\MountPoints2\{ec3c4e3f-5668-11de-ac9c-001d927eebe6}
      Shell\AutoRun\command =C:\setupSNK.exe

      ################## | Cracks / Keygens / Serials |


      ################## | ! Fin du rapport # UsbFix V6.061 ! |
      0
  2. daly260 Posts: 29 Status: Member 24
     
    Ah, that's great!!
    I no longer have this anna I liebe you virus at the top of my window!
    Thank you very much!!
    2
  3. daly260 Posts: 29 Status: Member 24
     
    ############################## | UsbFix V6.043 |

    User : Dalila (Administrateurs) # UNICORNI-4A3F81
    Update on 21/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 15:09:20 | 22/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) M processor 1.73GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local # 55,88 Go (46,82 Go free) # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible # 3,76 Go (3,2 Go free) [DALILA] # FAT32

    ################## | Fichiers # Dossiers infectieux |

    C:\autorun.inf

    ################## | Registre # Clés Run infectieuses |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{2df3f56a-acdd-11de-92a4-001167000000}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{46ea35a8-9cb0-11de-926a-001167000000}
    Shell\AutoRun\command =E:\start.exe

    HKCU\..\..\Explorer\MountPoints2\{ba90296c-a6c7-11de-928f-001167000000}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    ################## | Suspect | https://www.virustotal.com/gui/ |

    ################## | Cracks / Keygens / Serials |

    "C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe"
    26/04/2005 12:15 |Size 258048 |Crc32 43272192 |Md5 163f714859c9a6b09b8c901d43f9d745

    ################## | ! Fin du rapport # UsbFix V6.043 ! |
    1
  4. Anonymous user
     
    (!) Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.

    • Double-click "UsbFix.exe" on your desktop.

    • Choose option F for French and press [Enter].

    • Choose option 2 (Suppression / Removal) and press [Enter].

    • Your desktop will disappear and the PC will restart.

    • On restart, UsbFix will scan your PC; let the tool work.

    Then post the UsbFix.txt report that appears along with the desktop.

    • Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    1
  6. daly260 Posts: 29 Status: Member 24
     
    I can't find UsbFix on my desktop; should I download it again and follow the second step?
    1
  7. Anonymous user
     
    YES, download it again in that case, and yes, go straight to option 2.
    1
  8. Anonymous user
     
    You're welcome ;)

    If you have no other problems, please change the topic status to solved.

    https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/
    1
    1. papa
       
      Thank you very much Chiquitine, the virus is gone. A thousand thanks.
      0
    2. SOUYAN
       
      Hello,
      I have the same virus; here is my report, and thank you so much for your help.


      ############################## | UsbFix V6.074 |

      User : perso (Administrateurs) # RELATIONPUBLIQU
      Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 10:10:13 | 18/01/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Disabled
      AV : Kaspersky Internet Security 9.0.0.736 [ Enabled | Updated ]
      FW : Kaspersky Internet Security[ Enabled ]9.0.0.736

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 78,24 Go (58,81 Go free) [System] # NTFS
      D:\ -> Disque fixe local # 70,81 Go (4,06 Go free) [Datas] # NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible # 3,73 Go (2 Go free) # FAT32
      G:\ -> Disque amovible # 124 Mo (1,91 Mo free) # FAT32

      ############################## | Processus actifs |


      ################## | Elements infectieux |

      C:\autorun.inf
      F:\autorun.inf
      F:\kubernesis.vbe
      G:\autorun.inf

      ################## | Registre |

      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"

      ################## | Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\{69b949ee-6091-11de-bbab-001d92844d87}
      Shell\AutoRun\command =F:\w9hw8.exe
      Shell\open\Command =F:\w9hw8.exe

      HKCU\..\..\Explorer\MountPoints2\{69b949f2-6091-11de-bbab-001d92844d87}
      Shell\AutoRun\command =wscript.exe .\.vbs
      Shell\open\command =wscript.exe .\.vbs

      HKCU\..\..\Explorer\MountPoints2\{6d6d78fe-5fda-11de-bba8-001d92844d87}
      Shell\AutoRun\command =wscript.exe .\.vbs
      Shell\open\command =wscript.exe .\.vbs

      HKCU\..\..\Explorer\MountPoints2\{78243390-7519-11de-bbc4-001d92844d87}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{80b4f77a-63c1-11de-bbb2-001d92844d87}
      Shell\AutoRun\command =F:\mranjm.exe
      Shell\open\Command =F:\mranjm.exe

      HKCU\..\..\Explorer\MountPoints2\{911c26f3-faa6-11de-bc39-001d92844d87}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{911c26f4-faa6-11de-bc39-001d92844d87}
      Shell\AutoRun\command =F:\mbdm.exe
      Shell\open\Command =F:\mbdm.exe

      HKCU\..\..\Explorer\MountPoints2\{a914b84d-fdc8-11de-bc3b-001d92844d87}
      Shell\AutoRun\command =F:\8xcrbho6.exe
      Shell\open\Command =F:\8xcrbho6.exe

      ################## | Cracks > Keygens > Serials |


      ################## | ! Fin du rapport # UsbFix V6.074 ! |
      0
  9. Zorrocom
     
    ############################## | UsbFix V6.061 |

    User : zoheir (Administrateurs) # WXPJEB
    Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 09:18:33 | 12/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) D CPU 3.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local # 9,77 Go (674,88 Mo free) # NTFS
    D:\ -> Disque fixe local # 455,99 Go (704,37 Mo free) # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM
    G:\ -> Disque amovible # 7,45 Go (5,3 Go free) [STORE N GO] # FAT32

    ################## | Fichiers # Dossiers infectieux |

    C:\WINDOWS\kubernesis.dll.vbe
    C:\autorun.inf
    C:\kubernesis.vbe
    D:\autorun.inf
    D:\kubernesis.vbe
    G:\kubernesis.vbe
    G:\vcuwf.pif

    ################## | Registre # Clés infectieuses |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\G
    Shell\AutoRun\command =G:\LaunchU3.exe -a

    HKCU\..\..\Explorer\MountPoints2\{39008ec2-ce47-11de-b2f9-001a4d994793}
    Shell\AutoRun\command =F:\hjvjte.exe
    Shell\open\Command =F:\hjvjte.exe

    HKCU\..\..\Explorer\MountPoints2\{450685f2-e12a-11de-b555-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{4c6de74d-e51a-11de-b55f-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{50165e35-da59-11de-b547-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{58a40ccb-dadc-11de-b548-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{7afcc491-c2d2-11de-b2d3-001a4d994793}
    Shell\AutoRun\command =F:\zPharaoh.exe
    Shell\explore\command =F:\zPharaoh.exe
    Shell\open\command =F:\zPharaoh.exe

    HKCU\..\..\Explorer\MountPoints2\{7c76325e-e203-11de-b557-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{85810a09-d018-11de-b2ff-001a4d994793}
    Shell\AutoRun\command =F:\RunVer.exe
    Shell\explore\Command =F:\RunVer.exe e
    Shell\open\Command =F:\RunVer.exe e

    HKCU\..\..\Explorer\MountPoints2\{e00a740e-dbe5-11de-b549-001a4d994793}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    ################## | Cracks / Keygens / Serials |

    "D:\Reparations\A-One FLV to AVI MPEG WMV 3GP MP4 iPod Converter v3.9 [H3X4 Serial][h33t][matt14]\flv2video_converter.exe"
    02/12/2007 03:40 |Size 3968989 |Crc32 300770de |Md5 7f574306add4959b27f97ed4efbd8265

    "D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\s2kdos.exe"
    15/06/2004 11:00 |Size 19932 |Crc32 66ecc349 |Md5 6643384b3886aef0ab574011318e3635

    "D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\serial2k.exe"
    15/06/2004 11:00 |Size 205312 |Crc32 c803e522 |Md5 7fa98409b7f4d89953b52f6e90738cd0

    "D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\unins000.exe"
    25/04/2004 19:07 |Size 47815 |Crc32 2f403942 |Md5 dce4e4e74a71b539c7e08fc9a7c115b1

    "D:\Reparations\Serials2007Plus\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe"
    15/06/2004 11:00 |Size 92640 |Crc32 ad8039a3 |Md5 241214acef6e1415b897e33a4ee1788d

    "D:\CHAT\antivirus nod32_ 2.7 FRENCH + crack.zip"
    -> Contain : nod32_nod32_2.7_francais_21922\ESET[1].NOD32.v2.70.23.WinNT2K2K3XP.Cracked-FYN\ESET.NOD32.v2.70.23.WinNT2K2K3XP.Cracked-FYN\NOD32.patch\NOD32.patch\NOD32.FiX.v2.1.exe

    "D:\CHAT\antivirus nod32_ 2.7 FRENCH + crack.zip"
    -> Contain : nod32_nod32_2.7_francais_21922\NOD32_pour_Windows_NT-2000-XP-64bits-Vista.exe

    "G:\Setup\ZUMA Deluxe + crack.rar"
    -> contain : ZUMA Deluxe + crack\ZumaSetup.exe

    "G:\Setup\ZUMA Deluxe + crack.rar"
    -> contain : ZUMA Deluxe + crack\PopCap Zuma Deluxe! v1.0 (crack).exe

    ################## | ! Fin du rapport # UsbFix V6.061 ! |
    1
  10. sidou
     
    ############################## | UsbFix V6.084 |

    User : sidou (Administrateurs) # SERVER
    Update on 01/02/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 14:13:13 | 01/02/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.40GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled
    AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
    AV : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 [ Enabled | (!) Outdated ]

    C:\ -> Disque fixe local # 39,06 Go (21,08 Go free) # NTFS
    D:\ -> Disque fixe local # 35,46 Go (31,15 Go free) # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM # 283,48 Mo (0 Mo free) [Mon disque] # CDFS

    ############################## | Processus actifs |

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\VTTimer.exe
    D:\WINDOWS\system32\VTtrayp.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\setup\avast.setup
    d:\program files\avira\antivir personaledition classic\avcenter.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Elements infectieux |

    D:\DOCUME~1\sidou\LOCALS~1\Temp\nerodeltmp.exe
    C:\autorun.inf
    D:\autorun.inf

    ################## | Registre |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{c83807c6-0f2a-11df-bdde-806d6172696f}
    Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{c83807c7-0f2a-11df-bdde-806d6172696f}
    Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    ################## | ! Fin du rapport # UsbFix V6.084 ! |
    0
  11. max4219
     
    thanks in advance for whatever you can do about kubernesis

    ############################## | UsbFix V6.092 |

    User : MAXIME (Administrateurs) # SANTARD
    Update on 07/02/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 20:11:24 | 07/02/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Mobile AMD Sempron(tm) Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 7.0.5730.13
    Windows Firewall Status : Disabled
    AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
    FW : Norton Internet Security[ Enabled ]2007

    C:\ -> Disque fixe local # 68,91 Go (1,79 Go free) # NTFS
    D:\ -> Disque fixe local # 5,6 Go (928,4 Mo free) [PRESARIO_RP] # FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible # 7,45 Go (7,44 Go free) [USB DISK] # FAT32
    G:\ -> Disque amovible # 245,84 Mo (192,18 Mo free) [MAX KEY] # FAT

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Elements infectieux |

    C:\WINDOWS\kubernesis.dll.vbe
    C:\WINDOWS\System32\wshost32.exe
    C:\autorun.inf
    C:\kubernesis.vbe
    C:\autorun.inf
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859\Desktop.ini
    C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1859
    D:\autorun.inf
    D:\kubernesis.vbe
    D:\autorun.inf
    F:\autorun.inf
    F:\kubernesis.vbe
    F:\autorun.inf
    G:\autorun.inf
    G:\kubernesis.vbe
    G:\autorun.inf

    ################## | Registre |

    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "13CFG914-K641-26SF-N31P"
    [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{2d7c37bf-cb3a-11db-84ad-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    HKCU\..\..\Explorer\MountPoints2\{43c25e9c-ca79-11dc-85f1-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    HKCU\..\..\Explorer\MountPoints2\{4e555d66-8d95-11dd-8691-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLEMGR\autorun.exe
    Shell\open\command =F:\RECYCLEMGR\autorun.exe

    HKCU\..\..\Explorer\MountPoints2\{55fedff6-4233-11db-83bb-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{598c1a26-2440-11dd-8650-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe
    Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe

    HKCU\..\..\Explorer\MountPoints2\{5daf10cf-44bf-11dc-855e-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
    Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe

    HKCU\..\..\Explorer\MountPoints2\{7a9fe674-4738-11dc-855f-000a9416f27c}
    Shell\Auto\command =sxs.exe
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    HKCU\..\..\Explorer\MountPoints2\{7c464b2e-d42a-11dc-85fc-000a9416f27c}
    Shell\Auto\command =AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    HKCU\..\..\Explorer\MountPoints2\{7e72d42c-701a-11dc-8596-000a9416f27c}
    Shell\AutoRun\command =F:\LaunchU3.exe -a

    HKCU\..\..\Explorer\MountPoints2\{8c47c84c-0d52-11de-8721-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
    Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe

    HKCU\..\..\Explorer\MountPoints2\{91a20224-9ce4-11dc-85be-000a9416f27c}
    Shell\Auto\command =AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    HKCU\..\..\Explorer\MountPoints2\{95db889d-837c-11db-842b-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    HKCU\..\..\Explorer\MountPoints2\{9846336e-5a82-11dd-8671-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    HKCU\..\..\Explorer\MountPoints2\{ae627798-a4e3-11de-8775-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
    Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe

    HKCU\..\..\Explorer\MountPoints2\{ae867e28-f379-11dd-870f-000a9416f27c}
    Shell\AutoRun\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
    Shell\open\command =F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe

    HKCU\..\..\Explorer\MountPoints2\{c3c157e5-ff97-11de-87d6-000a9416f27c}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{efe536a3-0b3c-11db-835a-806d6172696f}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné !

    ################## | ! Fin du rapport # UsbFix V6.092 ! |
    0
  12. bonobel Posts: 2 Status: Member
     
    thanks for helping me :)

    ############################## | UsbFix V6.097 |

    User : BONO (Administrateurs) # HOME
    Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 00:57:49 | 02/03/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 2.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | (!) Outdated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local # 14,64 Go (9,37 Go free) # FAT32
    D:\ -> Disque fixe local # 29,29 Go (22,9 Go free) # NTFS
    E:\ -> Disque fixe local # 29,28 Go (11,13 Go free) # FAT32
    F:\ -> Disque fixe local # 41,24 Go (37,62 Go free) # NTFS
    G:\ -> Disque CD-ROM
    I:\ -> Disque fixe local # 77,64 Go (3,92 Go free) # NTFS
    J:\ -> Disque fixe local # 71,41 Go (65,5 Go free) # NTFS

    ############################## | Processus actifs |

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Athan\Athan.exe
    D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE

    ################## | Elements infectieux |

    C:\autorun.inf
    C:\kubernesis.vbe
    D:\autorun.inf
    D:\kubernesis.vbe
    E:\autorun.inf
    E:\kubernesis.vbe
    F:\autorun.inf
    F:\kubernesis.vbe
    I:\autorun.inf
    I:\kubernesis.vbe
    J:\autorun.inf
    J:\kubernesis.vbe

    ################## | Registre |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{047fe948-2555-11df-b6e4-001485e1f78a}
    Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{047fe949-2555-11df-b6e4-001485e1f78a}
    Shell\AutoRun\command =D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    ################## | Vaccin |

    ################## | ! Fin du rapport # UsbFix V6.097 ! |
    0
  13. ricob29 Posts: 1 Status: Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:17, on 03/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\USB_HD\Change Icon\ChangeIcon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Change Icon] C:\Program Files\USB_HD\Change Icon\ChangeIcon.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.fr/s/v/56.11/uploader2.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/51.28/uploader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
    1. menana
       
      ############################## | UsbFix V6.101 |

      User : Administrateur (Administrateurs) # HPDX2400
      Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 12:47:13 | 09/05/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 6.0.2900.2180
      Windows Firewall Status : Enabled
      AV : Total Protection 4.9.0.340 [ (!) Disabled | (!) Outdated ]
      AV : avast! antivirus 4.8.1368 [VPS 100409-0] 4.8.1368 [ Enabled | (!) Outdated ]

      C:\ -> Disque fixe local # 139,03 Go (102,1 Go free) [Systeme] # NTFS
      D:\ -> Disque fixe local # 10 Go (6,2 Go free) [HP_RECOVERY] # NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      I:\ -> Disque amovible
      J:\ -> Disque fixe local # 149,05 Go (110,63 Go free) [Travaux] # NTFS
      K:\ -> Disque fixe local # 465,76 Go (212,83 Go free) [Disque Externe] # NTFS

      ################## | Elements infectieux |

      C:\WINDOWS\kubernesis.dll.vbe
      C:\WINDOWS\System32\autorun.ini
      C:\autorun.inf
      C:\kubernesis.vbe
      C:\system32
      D:\autorun.inf
      D:\kubernesis.vbe
      J:\autorun.inf
      J:\kubernesis.vbe
      K:\autorun.inf
      K:\kubernesis.vbe

      ################## | Registre |

      [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo Messengger"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"

      ################## | Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\{08ba6c79-1bf2-11df-9392-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{493908af-59c2-11df-93be-00215a74f5a8}
      Shell\AutoRun\command =system32/rundll.exe
      Shell\explore\command =system32/rundll.exe
      Shell\open\command =system32/rundll.exe

      HKCU\..\..\Explorer\MountPoints2\{7420d898-e056-11de-9339-00215a74f5a8}
      Shell\AutoRun\command =K:\sidali406.exe
      Shell\explore\command =K:\sidali406.exe
      Shell\Open\command =K:\sidali406.exe

      HKCU\..\..\Explorer\MountPoints2\{79d5bb73-bfa7-11de-92e8-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{c3ca088b-2b4c-11de-835a-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{cd23a352-b25c-11de-925f-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{d429b1fc-7793-11de-83f0-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{d429b201-7793-11de-83f0-00215a74f5a8}
      Shell\AutoRun\command =Qjkcym.eXE
      Shell\OPen\comMand =qJkCyM.eXe

      HKCU\..\..\Explorer\MountPoints2\{e8cee2fd-20bb-11df-9398-00215a74f5a8}
      Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

      HKCU\..\..\Explorer\MountPoints2\{f089c540-7f5f-11de-83fe-00215a74f5a8}
      Shell\AutoRun\command =K:\kbxMrw.ExE
      Shell\OPEN\CoMmand =K:\kBXMRw.eXE

      ################## | Vaccin |


      ################## | ! Fin du rapport # UsbFix V6.101 ! |
      0
    2. abdel31
       
      Hi, I have the same problem.
      0
  14. Mama
     
    I have the same problem. I carried out the same steps, but I don't understand where I'm supposed to post. Here is the report.

    ############################## | UsbFix V6.101 |

    User : Administrateur (Administrateurs) # HPDX2400
    Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 12:59:16 | 09/05/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Enabled
    AV : Total Protection 4.9.0.340 [ (!) Disabled | (!) Outdated ]
    AV : avast! antivirus 4.8.1368 [VPS 100409-0] 4.8.1368 [ Enabled | (!) Outdated ]

    C:\ -> Disque fixe local # 139,03 Go (102,09 Go free) [Systeme] # NTFS
    D:\ -> Disque fixe local # 10 Go (6,2 Go free) [HP_RECOVERY] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque fixe local # 149,05 Go (110,63 Go free) [Travaux] # NTFS
    K:\ -> Disque fixe local # 465,76 Go (212,83 Go free) [Disque Externe] # NTFS

    ################## | Elements infectieux |

    C:\WINDOWS\kubernesis.dll.vbe
    C:\WINDOWS\System32\autorun.ini
    C:\autorun.inf
    C:\kubernesis.vbe
    C:\system32
    D:\autorun.inf
    D:\kubernesis.vbe
    J:\autorun.inf
    J:\kubernesis.vbe
    K:\autorun.inf
    K:\kubernesis.vbe

    ################## | Registre |

    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo Messengger"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernscan"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{08ba6c79-1bf2-11df-9392-00215a74f5a8}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{493908af-59c2-11df-93be-00215a74f5a8}
    Shell\AutoRun\command =system32/rundll.exe
    Shell\explore\command =system32/rundll.exe
    Shell\open\command =system32/rundll.exe

    HKCU\..\..\Explorer\MountPoints2\{7420d898-e056-11de-9339-00215a74f5a8}
    Shell\AutoRun\command =K:\sidali406.exe
    Shell\explore\command =K:\sidali406.exe
    Shell\Open\command =K:\sidali406.exe

    HKCU\..\..\Explorer\MountPoints2\{cd23a352-b25c-11de-925f-00215a74f5a8}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{d429b1fc-7793-11de-83f0-00215a74f5a8}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{d429b201-7793-11de-83f0-00215a74f5a8}
    Shell\AutoRun\command =Qjkcym.eXE
    Shell\OPen\comMand =qJkCyM.eXe

    HKCU\..\..\Explorer\MountPoints2\{e8cee2fd-20bb-11df-9398-00215a74f5a8}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe kubernesis.vbe

    HKCU\..\..\Explorer\MountPoints2\{f089c540-7f5f-11de-83fe-00215a74f5a8}
    Shell\AutoRun\command =K:\kbxMrw.ExE
    Shell\OPEN\CoMmand =K:\kBXMRw.eXE

    ################## | Vaccin |

    ################## | ! Fin du rapport # UsbFix V6.101 ! |
    0