2 replies
Hi:
▶ Download and install UsbFix by Chiquitine29
(!) Connect your external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them
▶ Double-click the UsbFix shortcut on your desktop.
▶ At the main menu, choose option "F" for French and press [Enter].
▶ At the second menu, choose option "1" (search) and press [Enter].
▶ Let the tool work.
▶ Then post the UsbFix.txt report that appears.
Note: The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Hi, delete all these cracks and keygens, which are a source of infection, then:
▶ (!) Connect your external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them
▶ Double-click (right-click, "Run as administrator" on Vista) the UsbFix shortcut on your desktop
▶ At the main menu, choose option "F" for French and press [Enter].
▶ At the second menu, choose option "2" (deletion) and press [Enter].
▶ Your desktop will disappear and the PC will restart.
▶ After the restart, UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report that appears along with the desktop.
Note: The UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
User : Dr MUGANGA (Administrateurs) # DR-1933FA8958FB
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 8:13:04 AM | 12/2/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1367 [VPS 091201-1] 4.8.1367 [ Enabled | Updated ]
C:\ -> Disque fixe local # 50.88 Go (2.48 Go free) [ ] # NTFS
D:\ -> Disque fixe local # 60.89 Go (7.09 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 212.9 Go (133.75 Go free) [DR MUGANGA] # NTFS
G:\ -> Disque fixe local # 19.99 Go (13.96 Go free) [Flash Disk] # NTFS
############################## | Processus actifs |
################## | Fichiers # Dossiers infectieux |
C:\autorun.inf
C:\autorun.inf -> fichier appelé : "C:\ngp8l.exe" ( Présent ! )
C:\ngp8l.exe
D:\autorun.inf
D:\autorun.inf -> fichier appelé : "D:\ngp8l.exe" ( Absent ! )
F:\autorun.inf
F:\autorun.inf -> fichier appelé : "F:\wu1n.exe" ( Absent ! )
F:\lphfa.exe
F:\vk0w.exe
G:\autorun.inf
G:\autorun.inf -> fichier appelé : "G:\wu1n.exe" ( Absent ! )
G:\9g86.exe
################## | Spyware.OnlineGames |
################## | Registre # Clés infectieuses |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\MADOWN]
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet002\Services\AVPsys]
################## | Registre # Mountpoints2 |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.059 ! |
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047240.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047242.exe
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047250.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047250.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047268.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047279.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047291.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP155\A0047291.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP156\A0047293.exe
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP159\A0047738.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP159\A0047763.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP159\A0047768.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP93\A0035978.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP94\A0036793.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP94\A0036802.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP94\A0036804.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP95\A0036849.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP95\A0036858.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP95\A0036895.exe
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP95\A0036896.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP98\A0037319.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP98\A0037343.dll
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP98\A0037348.dll
################## | Registre # Clés infectieuses |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\MADOWN]
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet002\Services\AVPsys]
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\AutoRun.exe
HKCU\..\..\Explorer\MountPoints2\{053470ac-d02b-11de-baf1-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe
HKCU\..\..\Explorer\MountPoints2\{2fe914c1-acc6-11de-ba4f-001e6813dfb5}
Shell\AutoRun\command =wu1n.exe
Shell\open\Command =wu1n.exe
HKCU\..\..\Explorer\MountPoints2\{2fe914c2-acc6-11de-ba4f-001e6813dfb5}
Shell\AutoRun\command =wu1n.exe
Shell\open\Command =wu1n.exe
HKCU\..\..\Explorer\MountPoints2\{31557b3a-9508-11de-b9ec-001e6813dfb5}
Shell\AutoRun\command =F:\s.exe
Shell\open\Command =F:\s.exe
HKCU\..\..\Explorer\MountPoints2\{320fa499-a36c-11de-ba28-001986001dc9}
Shell\AutoRun\command =G:\ewqij.bat
Shell\open\Command =G:\ewqij.bat
HKCU\..\..\Explorer\MountPoints2\{320fa49a-a36c-11de-ba28-001986001dc9}
Shell\AutoRun\command =ewqij.bat
Shell\open\Command =ewqij.bat
HKCU\..\..\Explorer\MountPoints2\{4609c6cc-bef8-11de-baa3-001e6813dfb5}
Shell\AutoRun\command =F:\bycfht.exe
Shell\open\Command =F:\bycfht.exe
HKCU\..\..\Explorer\MountPoints2\{48b8604a-c3bf-11de-bab8-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe
HKCU\..\..\Explorer\MountPoints2\{8433b00c-940f-11de-b9e8-001986001dc9}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
Shell\Ouvrir\command =log.exe
HKCU\..\..\Explorer\MountPoints2\{8433b00f-940f-11de-b9e8-001986001dc9}
Shell\AutoRun\command =H:\ewqij.bat
Shell\open\Command =H:\ewqij.bat
HKCU\..\..\Explorer\MountPoints2\{89125929-d00a-11de-baed-001e6813dfb5}
Shell\AutoRun\command =G:\jim\carry\jIm.exe
Shell\open\command =G:\jim\carry\jIm.exe
HKCU\..\..\Explorer\MountPoints2\{894395ae-d025-11de-baf0-001f3a0f7959}
Shell\AutoRun\command =F:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe
Shell\open\command =F:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe
HKCU\..\..\Explorer\MountPoints2\{8a7aa21e-9613-11de-b9f2-001e6813dfb5}
Shell\AutoRun\command =F:\lcw.exe
Shell\open\Command =F:\lcw.exe
HKCU\..\..\Explorer\MountPoints2\{9e466f56-d83a-11de-bb17-001e6813dfb5}
Shell\AutoRun\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
Shell\open\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
HKCU\..\..\Explorer\MountPoints2\{b395ec1a-9260-11de-b9df-001e6813dfb5}
Shell\AutoRun\command =F:\mb9x.exe
Shell\open\Command =F:\mb9x.exe
HKCU\..\..\Explorer\MountPoints2\{c10fdd9a-9fa5-11de-ba18-001e6813dfb5}
Shell\AutoRun\command =F:\ewqij.bat
Shell\open\Command =F:\ewqij.bat
HKCU\..\..\Explorer\MountPoints2\{c138a8aa-980d-11de-b9fc-001e6813dfb5}
Shell\AutoRun\command =F:\ewqij.bat
Shell\open\Command =F:\ewqij.bat
HKCU\..\..\Explorer\MountPoints2\{cce5489f-d996-11de-bb21-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe
HKCU\..\..\Explorer\MountPoints2\{d3209a22-c858-11de-bac7-001e6813dfb5}
Shell\AutoRun\command =RECYCLER\S-51-9-25-3434476501-1644491933-601013347-1214\BSqBT.exe
Shell\open\command =RECYCLER\S-51-9-25-3434476501-1644491933-601013347-1214\BSqBT.exe
HKCU\..\..\Explorer\MountPoints2\{d429b7c7-d4da-11de-bb03-001e6813dfb5}
Shell\AutoRun\command =G:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{d429b7c8-d4da-11de-bb03-001e6813dfb5}
Shell\AutoRun\command =I:\jim\carry\jIm.exe
Shell\open\command =I:\jim\carry\jIm.exe
HKCU\..\..\Explorer\MountPoints2\{d5d8712e-c395-11de-bab7-001e6813dfb5}
Shell\AutoRun\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
Shell\open\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
HKCU\..\..\Explorer\MountPoints2\{dbba1830-91c3-11de-b9dc-001986001dc9}
Shell\AutoRun\command =9u.exe
Shell\open\Command =9u.exe
HKCU\..\..\Explorer\MountPoints2\{dce89e50-9680-11de-b9f5-001e6813dfb5}
Shell\AutoRun\command =F:\r6d0.bat
Shell\open\Command =F:\r6d0.bat
HKCU\..\..\Explorer\MountPoints2\{e5d733a2-a9ab-11de-ba44-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe
HKCU\..\..\Explorer\MountPoints2\{e627aae6-9468-11de-b9ea-001986001dc9}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
Shell\Ouvrir\command =log.exe
HKCU\..\..\Explorer\MountPoints2\{ff0ee784-dd9a-11de-bb2f-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe
HKCU\..\..\Explorer\MountPoints2\{ff0ee786-dd9a-11de-bb2f-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.059 ! |