Dq4qxste.exe

mugs -
 Anonymous user -
Hello,
For the past three days, a message has been appearing on my machine every time I start it. The message is the following: (C:\Documen~1\User~1\dq4qxste.exe)
My configuration is Windows XP Professional in French.
Thank you for your help.

2 replies

Anonymous user
 
Hi:

▶ Download and install UsbFix by Chiquitine29

(!) Connect your external data sources to your PC (USB key, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ At the main menu, choose option " F " for French and press [Enter].

▶ At the second menu, choose option " 1 " (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
mugs
 
############################## | UsbFix V6.059 |

User : Dr MUGANGA (Administrateurs) # DR-1933FA8958FB
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 8:13:04 AM | 12/2/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1367 [VPS 091201-1] 4.8.1367 [ Enabled | Updated ]

C:\ -> Disque fixe local # 50.88 Go (2.48 Go free) [ ] # NTFS
D:\ -> Disque fixe local # 60.89 Go (7.09 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 212.9 Go (133.75 Go free) [DR MUGANGA] # NTFS
G:\ -> Disque fixe local # 19.99 Go (13.96 Go free) [Flash Disk] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 492
C:\WINDOWS\system32\csrss.exe 544
C:\WINDOWS\system32\winlogon.exe 576
C:\WINDOWS\system32\services.exe 620
C:\WINDOWS\system32\lsass.exe 632
C:\WINDOWS\system32\svchost.exe 796
C:\WINDOWS\system32\svchost.exe 844
C:\WINDOWS\System32\svchost.exe 936
C:\WINDOWS\system32\svchost.exe 976
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\svchost.exe 1104
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1212
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1272
C:\WINDOWS\Explorer.EXE 1432
C:\WINDOWS\RTHDCPL.EXE 1548
C:\WINDOWS\system32\RUNDLL32.EXE 1592
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe 1628
C:\Program Files\Nero\Nero 7\InCD\InCD.exe 1640
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe 1648
C:\WINDOWS\system32\rundll32.exe 1656
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 1684
C:\Program Files\Winamp\Winampa.exe 1772
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 1796
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 1804
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1816
C:\WINDOWS\system32\ctfmon.exe 1824
C:\Program Files\SuperCopier2\SuperCopier2.exe 1844
C:\Program Files\BitComet\BitComet.exe 1876
C:\Program Files\Skype\Phone\Skype.exe 1956
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE 1996
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe 2020
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE 356
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe 372
C:\WINDOWS\system32\spoolsv.exe 412
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe 1512
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE 1776
C:\WINDOWS\system32\agrsmsvc.exe 2160
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE 2180
C:\Program Files\Bonjour\mDNSResponder.exe 2188
C:\WINDOWS\system32\svchost.exe 2204
C:\DOCUME~1\DRMUGA~1\LOCALS~1\Temp\RtkBtMnt.exe 2336
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 2444
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 2516
C:\WINDOWS\system32\nvsvc32.exe 2636
C:\WINDOWS\system32\HPZipm12.exe 2692
C:\WINDOWS\system32\svchost.exe 2788
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe 2868
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2948
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2980
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3448
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3600
C:\WINDOWS\system32\wscntfy.exe 3764
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 3832
C:\WINDOWS\System32\alg.exe 4004
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe 548
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe 1380
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe 2232
C:\Program Files\Skype\Plugin Manager\skypePM.exe 724
C:\Program Files\Internet Explorer\iexplore.exe 3392
C:\WINDOWS\system32\wbem\wmiprvse.exe 1588

################## | Fichiers # Dossiers infectieux |

C:\autorun.inf
C:\autorun.inf -> fichier appelé : "C:\ngp8l.exe" ( Présent ! )
C:\ngp8l.exe
D:\autorun.inf
D:\autorun.inf -> fichier appelé : "D:\ngp8l.exe" ( Absent ! )
F:\autorun.inf
F:\autorun.inf -> fichier appelé : "F:\wu1n.exe" ( Absent ! )
F:\lphfa.exe
F:\vk0w.exe
G:\autorun.inf
G:\autorun.inf -> fichier appelé : "G:\wu1n.exe" ( Absent ! )
G:\9g86.exe

################## | Spyware.OnlineGames |


################## | Registre # Clés infectieuses |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\MADOWN]
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet002\Services\AVPsys]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\AutoRun.exe

HKCU\..\..\Explorer\MountPoints2\{053470ac-d02b-11de-baf1-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe

HKCU\..\..\Explorer\MountPoints2\{2fe914c1-acc6-11de-ba4f-001e6813dfb5}
Shell\AutoRun\command =wu1n.exe
Shell\open\Command =wu1n.exe

HKCU\..\..\Explorer\MountPoints2\{2fe914c2-acc6-11de-ba4f-001e6813dfb5}
Shell\AutoRun\command =wu1n.exe
Shell\open\Command =wu1n.exe

HKCU\..\..\Explorer\MountPoints2\{31557b3a-9508-11de-b9ec-001e6813dfb5}
Shell\AutoRun\command =F:\s.exe
Shell\open\Command =F:\s.exe

HKCU\..\..\Explorer\MountPoints2\{320fa499-a36c-11de-ba28-001986001dc9}
Shell\AutoRun\command =G:\ewqij.bat
Shell\open\Command =G:\ewqij.bat

HKCU\..\..\Explorer\MountPoints2\{320fa49a-a36c-11de-ba28-001986001dc9}
Shell\AutoRun\command =ewqij.bat
Shell\open\Command =ewqij.bat

HKCU\..\..\Explorer\MountPoints2\{4609c6cc-bef8-11de-baa3-001e6813dfb5}
Shell\AutoRun\command =F:\bycfht.exe
Shell\open\Command =F:\bycfht.exe

HKCU\..\..\Explorer\MountPoints2\{48b8604a-c3bf-11de-bab8-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe

HKCU\..\..\Explorer\MountPoints2\{8433b00c-940f-11de-b9e8-001986001dc9}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
Shell\Ouvrir\command =log.exe

HKCU\..\..\Explorer\MountPoints2\{8433b00f-940f-11de-b9e8-001986001dc9}
Shell\AutoRun\command =H:\ewqij.bat
Shell\open\Command =H:\ewqij.bat

HKCU\..\..\Explorer\MountPoints2\{89125929-d00a-11de-baed-001e6813dfb5}
Shell\AutoRun\command =G:\jim\carry\jIm.exe
Shell\open\command =G:\jim\carry\jIm.exe

HKCU\..\..\Explorer\MountPoints2\{894395ae-d025-11de-baf0-001f3a0f7959}
Shell\AutoRun\command =F:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe
Shell\open\command =F:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe

HKCU\..\..\Explorer\MountPoints2\{8a7aa21e-9613-11de-b9f2-001e6813dfb5}
Shell\AutoRun\command =F:\lcw.exe
Shell\open\Command =F:\lcw.exe

HKCU\..\..\Explorer\MountPoints2\{9e466f56-d83a-11de-bb17-001e6813dfb5}
Shell\AutoRun\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
Shell\open\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe

HKCU\..\..\Explorer\MountPoints2\{b395ec1a-9260-11de-b9df-001e6813dfb5}
Shell\AutoRun\command =F:\mb9x.exe
Shell\open\Command =F:\mb9x.exe

HKCU\..\..\Explorer\MountPoints2\{c10fdd9a-9fa5-11de-ba18-001e6813dfb5}
Shell\AutoRun\command =F:\ewqij.bat
Shell\open\Command =F:\ewqij.bat

HKCU\..\..\Explorer\MountPoints2\{c138a8aa-980d-11de-b9fc-001e6813dfb5}
Shell\AutoRun\command =F:\ewqij.bat
Shell\open\Command =F:\ewqij.bat

HKCU\..\..\Explorer\MountPoints2\{cce5489f-d996-11de-bb21-001e6813dfb5}
Shell\AutoRun\command =F:\jim\carry\jIm.exe
Shell\open\command =F:\jim\carry\jIm.exe

HKCU\..\..\Explorer\MountPoints2\{d3209a22-c858-11de-bac7-001e6813dfb5}
Shell\AutoRun\command =RECYCLER\S-51-9-25-3434476501-1644491933-601013347-1214\BSqBT.exe
Shell\open\command =RECYCLER\S-51-9-25-3434476501-1644491933-601013347-1214\BSqBT.exe

HKCU\..\..\Explorer\MountPoints2\{d429b7c7-d4da-11de-bb03-001e6813dfb5}
Shell\AutoRun\command =G:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{d429b7c8-d4da-11de-bb03-001e6813dfb5}
Shell\AutoRun\command =I:\jim\carry\jIm.exe
Shell\open\command =I:\jim\carry\jIm.exe

HKCU\..\..\Explorer\MountPoints2\{d5d8712e-c395-11de-bab7-001e6813dfb5}
Shell\AutoRun\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
Shell\open\command =F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe

HKCU\..\..\Explorer\MountPoints2\{dbba1830-91c3-11de-b9dc-001986001dc9}
Shell\AutoRun\command =9u.exe
Shell\open\Command =9u.exe

HKCU\..\..\Explorer\MountPoints2\{dce89e50-9680-11de-b9f5-001e6813dfb5}
Shell\AutoRun\command =F:\r6d0.bat
Shell\open\Command =F:\r6d0.bat

HKCU\..\..\Explorer\MountPoints2\{e5d733a2-a9ab-11de-ba44-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe

HKCU\..\..\Explorer\MountPoints2\{e627aae6-9468-11de-b9ea-001986001dc9}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
Shell\Ouvrir\command =log.exe

HKCU\..\..\Explorer\MountPoints2\{ff0ee784-dd9a-11de-bb2f-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe

HKCU\..\..\Explorer\MountPoints2\{ff0ee786-dd9a-11de-bb2f-001e6813dfb5}
Shell\AutoRun\command =F:\AutoRun.exe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.059 ! |
0
C:\System Volume Information\_restore{4DFD5FA6-2E4B-4315-BAF9-ADCB9E1727FC}\RP98\A0037348.dll

################## | Registre # Clés infectieuses |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\MADOWN]
[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
[HKLM\SYSTEM\ControlSet001\Services\AVPsys]
[HKLM\SYSTEM\ControlSet002\Services\AVPsys]

################## | Registre # Mountpoints2 |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.059 ! |
0
Anonymous user

Hi, delete all these cracks and keygens, a source of infection, then:

(!) Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click (right-click, "as administrator", on Vista) the UsbFix shortcut on your desktop

▶ At the main menu, choose option "F" for French and press [Enter].

▶ At the second menu, choose option "2" (Deletion) and press [Enter]

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0