VIRUS aider moi svp
nadjib157
Messages postés
118
Statut
Membre
-
manounat -
manounat -
Salut, J'ai un ordinateur portable "Acer(aspire one)" qui a étais infecter par des virus dont un sous le nom de "Mabezat;zPharaoh.dat" et d'autres, j'ai fait un scanne avec Mbam "Mise a jour" qui a détecter et supprimer 120 objets infectés, et une Suppression/vaccination avec UsbFix qui en a détecter et supprimer lui aussi, mais je croie que la machine est toujours infecter car quelques exécutable sont automatiquement écraser (comme Ccleaner.exe ou Avira antiVir que je n'es pas pu installer) et je ne sais pas si c'est a cause de sa ou a couse du dernier scanne effectuer par une autre personne a l'aide de Kaspersky qui a détecter et supprimer des fichiers système et des drivers infecter; et la je me demande quoi faire!!!
-Il faut récupérer les drivers que je n'arrive pas a trouver!!!
-Il faut désinfecter la machine.
MERCI de votre aide.
PS: je vais poster en bas les rapport de Mbam et UsbFix
---------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/05/2010 09:50:51
mbam-log-2010-05-12 (09-50-51).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 121920
Temps écoulé: 38 minute(s), 34 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 55
Fichier(s) infecté(s): 69
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe RunVer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\bycool1 (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_17_23 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_04_05_2010_13_25_04 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_06_05_2010_18_25_15 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_00_00_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_11_19_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_12_43_44 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_35_18 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_55_42 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_15_46_16 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_16_24_34 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_23_58_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_08_16_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_13_07_32 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_17_28_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_18_54_47 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_19_13_03 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_33_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_59_25 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_19_45_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_44_13 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_56_33 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_36_12 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_52_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_23_41_26 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_00_26_38 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_21_51_13 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_22_27_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_02_01 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_44_08 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_16_04_2010_14_01_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\csrcs.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool\compilateur_auto.aaa (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool1\log.aaa (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02\01_05_2010_00_10_32.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_17_23\01_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_04_05_2010_13_25_04\04_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_06_05_2010_18_25_15\06_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_00_00_14\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_12_43_44\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_35_18\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_55_42\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_15_46_16\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_16_24_34\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_23_58_28\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14\08_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48\08_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_13_07_32\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_17_28_50\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_18_54_47\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_19_13_03\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_33_50\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_59_25\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_19_45_14\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_44_13\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_56_33\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_36_12\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_23_41_26\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58\10_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\10_04_2010_13_57_49.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\10_04_2010_13_57_56.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_00_26_38\10_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_02_01\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_44_08\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28\15_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57\15_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\15_04_2010_20_03_24.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\15_04_2010_20_03_29.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_16_04_2010_14_01_56\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03\18_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14\19_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43\24_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26\27_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31\29_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40\29_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50\30_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASPIRE ONE\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.102 |
User : ASPIRE ONE (Administrateurs) # ACER-2141B46CA9
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:02:28 | 12/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP ?dition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
C:\ -> Disque fixe local # 144,17 Go (135,73 Go free) [ACER] # NTFS
################## | Elements infectieux |
C:\WINDOWS\System32\autorun.inf
C:\WINDOWS\System32\autorun.ini
C:\WINDOWS\System32\f
C:\khq
################## | Mabezat |
C:\DOCUME~1\ASPIRE~1\APPLIC~1\tazebama
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
################## | Registre |
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{23c0efa8-3464-11df-819e-00242b6d2083}
Shell\AutoRun\command =E:\ltznwy.exe
Shell\open\Command =E:\ltznwy.exe
HKCU\..\..\Explorer\MountPoints2\{23c0efa9-3464-11df-819e-00242b6d2083}
SHeLl\AUtoPlay\commaND =D:\xrxd.pif
SHeLl\AutoRun\command =D:\xrxd.pif
SHeLl\explorE\Command =D:\xrxd.pif
SHeLl\OpEn\COmmaNd =D:\xrxd.pif
HKCU\..\..\Explorer\MountPoints2\{4ed3e247-2928-11df-8177-00242b6d2083}
Shell\AutoRun\command =D:\ltznwy.exe
Shell\open\Command =D:\ltznwy.exe
HKCU\..\..\Explorer\MountPoints2\{50356522-59cc-11df-81db-00242b6d2083}
Shell\AutoRun\command =D:\
Shell\explore\command =D:\
Shell\open\command =D:\
HKCU\..\..\Explorer\MountPoints2\{51855a77-4302-11df-81bd-00242b6d2083}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
Shell\Explore\command =E:\explorer.exe
Shell\Open\command =E:\explorer.exe
HKCU\..\..\Explorer\MountPoints2\{a9379de0-5b93-11df-81ea-00242b6d2083}
Shell\AutoRun\command =D:\reatogoMenu.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.102 ! |
------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.102 |
User : ASPIRE ONE (Administrateurs) # ACER-2141B46CA9
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:15:39 | 12/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP ?dition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
C:\ -> Disque fixe local # 144,17 Go (135,7 Go free) [ACER] # NTFS
################## | Elements infectieux |
Supprimé ! C:\WINDOWS\System32\autorun.inf
Supprimé ! C:\WINDOWS\System32\autorun.ini
Supprimé ! C:\WINDOWS\System32\f
Supprimé ! C:\khq
Supprimé ! C:\Recycler\S-1-5-21-3113605024-2810431730-1660944340-1006
################## | Mabezat |
Supprimé ! C:\DOCUME~1\ASPIRE~1\APPLIC~1\tazebama
Supprimé ! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
################## | Registre |
Supprimé ! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{23c0efa8-3464-11df-819e-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{23c0efa9-3464-11df-819e-00242b6d2083}\Shell\AUtoPlay\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4ed3e247-2928-11df-8177-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{50356522-59cc-11df-81db-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{51855a77-4302-11df-81bd-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a9379de0-5b93-11df-81ea-00242b6d2083}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[19/08/2008 13:14|--a------|0] C:\AUTOEXEC.BAT
[06/03/2010 21:24|-rahs----|216] C:\boot.ini
[14/04/2008 08:00|-rahs----|4952] C:\Bootfont.bin
[19/08/2008 13:14|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[19/08/2008 13:14|-rahs----|0] C:\IO.SYS
[19/08/2008 13:14|-rahs----|0] C:\MSDOS.SYS
[14/04/2008 08:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 08:00|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[19/08/2008 13:34|--a------|542] C:\RHDSetup.log
[12/05/2010 10:25|--a------|2339] C:\UsbFix.txt
[11/11/1999 09:17|--a------|49] C:\XPH.TAG
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | ! Fin du rapport # UsbFix V6.102 ! |
-Il faut récupérer les drivers que je n'arrive pas a trouver!!!
-Il faut désinfecter la machine.
MERCI de votre aide.
PS: je vais poster en bas les rapport de Mbam et UsbFix
---------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/05/2010 09:50:51
mbam-log-2010-05-12 (09-50-51).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 121920
Temps écoulé: 38 minute(s), 34 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 55
Fichier(s) infecté(s): 69
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe RunVer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\bycool1 (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_17_23 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_04_05_2010_13_25_04 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_06_05_2010_18_25_15 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_00_00_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_11_19_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_12_43_44 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_35_18 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_55_42 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_15_46_16 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_16_24_34 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_23_58_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_08_16_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_13_07_32 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_17_28_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_18_54_47 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_19_13_03 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_33_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_59_25 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_19_45_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_44_13 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_56_33 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_36_12 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_52_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_23_41_26 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_00_26_38 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_21_51_13 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_22_27_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_02_01 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_44_08 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_16_04_2010_14_01_56 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50 (Worm.AutoRun) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\csrcs.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool\compilateur_auto.aaa (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bycool1\log.aaa (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02\01_05_2010_00_10_32.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_08_02\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_01_05_2010_00_17_23\01_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_04_05_2010_13_25_04\04_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_06_05_2010_18_25_15\06_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_00_00_14\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_12_43_44\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_35_18\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_13_55_42\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_15_46_16\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_16_24_34\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_07_05_2010_23_58_28\07_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14\08_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_21_14\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48\08_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_04_2010_20_45_48\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_13_07_32\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_17_28_50\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_18_54_47\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_08_05_2010_19_13_03\08_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_14_26_35\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_20_10_32\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_06_57\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23\09_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_04_2010_21_19_23\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_33_50\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_09_59_25\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_19_45_14\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_44_13\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_21_56_33\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_22_36_12\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_09_05_2010_23_41_26\09_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58\10_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_37_58\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\10_04_2010_13_57_49.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\10_04_2010_13_57_56.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_04_2010_13_51_29\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_00_26_38\10_05_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_02_01\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_10_05_2010_23_44_08\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28\15_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_10_38_28\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57\15_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_11_29_57\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\15_04_2010_20_03_24.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\15_04_2010_20_03_29.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_15_04_2010_20_02_05\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_16_04_2010_14_01_56\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03\18_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_18_04_2010_10_48_03\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14\19_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_19_04_2010_11_21_14\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43\24_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_24_04_2010_20_27_43\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26\27_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_27_04_2010_13_39_26\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31\29_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_42_31\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40\29_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_29_04_2010_00_48_40\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50\30_04_2010.K (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f\d\e\d\h\ASPIRE ONE_30_04_2010_00_12_50\comp.rar (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\ASPIRE ONE\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.102 |
User : ASPIRE ONE (Administrateurs) # ACER-2141B46CA9
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:02:28 | 12/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP ?dition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
C:\ -> Disque fixe local # 144,17 Go (135,73 Go free) [ACER] # NTFS
################## | Elements infectieux |
C:\WINDOWS\System32\autorun.inf
C:\WINDOWS\System32\autorun.ini
C:\WINDOWS\System32\f
C:\khq
################## | Mabezat |
C:\DOCUME~1\ASPIRE~1\APPLIC~1\tazebama
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
################## | Registre |
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{23c0efa8-3464-11df-819e-00242b6d2083}
Shell\AutoRun\command =E:\ltznwy.exe
Shell\open\Command =E:\ltznwy.exe
HKCU\..\..\Explorer\MountPoints2\{23c0efa9-3464-11df-819e-00242b6d2083}
SHeLl\AUtoPlay\commaND =D:\xrxd.pif
SHeLl\AutoRun\command =D:\xrxd.pif
SHeLl\explorE\Command =D:\xrxd.pif
SHeLl\OpEn\COmmaNd =D:\xrxd.pif
HKCU\..\..\Explorer\MountPoints2\{4ed3e247-2928-11df-8177-00242b6d2083}
Shell\AutoRun\command =D:\ltznwy.exe
Shell\open\Command =D:\ltznwy.exe
HKCU\..\..\Explorer\MountPoints2\{50356522-59cc-11df-81db-00242b6d2083}
Shell\AutoRun\command =D:\
Shell\explore\command =D:\
Shell\open\command =D:\
HKCU\..\..\Explorer\MountPoints2\{51855a77-4302-11df-81bd-00242b6d2083}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
Shell\Explore\command =E:\explorer.exe
Shell\Open\command =E:\explorer.exe
HKCU\..\..\Explorer\MountPoints2\{a9379de0-5b93-11df-81ea-00242b6d2083}
Shell\AutoRun\command =D:\reatogoMenu.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.102 ! |
------------------------------------------------------------------------------------------------------
############################## | UsbFix V6.102 |
User : ASPIRE ONE (Administrateurs) # ACER-2141B46CA9
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:15:39 | 12/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP ?dition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
C:\ -> Disque fixe local # 144,17 Go (135,7 Go free) [ACER] # NTFS
################## | Elements infectieux |
Supprimé ! C:\WINDOWS\System32\autorun.inf
Supprimé ! C:\WINDOWS\System32\autorun.ini
Supprimé ! C:\WINDOWS\System32\f
Supprimé ! C:\khq
Supprimé ! C:\Recycler\S-1-5-21-3113605024-2810431730-1660944340-1006
################## | Mabezat |
Supprimé ! C:\DOCUME~1\ASPIRE~1\APPLIC~1\tazebama
Supprimé ! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
################## | Registre |
Supprimé ! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{23c0efa8-3464-11df-819e-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{23c0efa9-3464-11df-819e-00242b6d2083}\Shell\AUtoPlay\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4ed3e247-2928-11df-8177-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{50356522-59cc-11df-81db-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{51855a77-4302-11df-81bd-00242b6d2083}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a9379de0-5b93-11df-81ea-00242b6d2083}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[19/08/2008 13:14|--a------|0] C:\AUTOEXEC.BAT
[06/03/2010 21:24|-rahs----|216] C:\boot.ini
[14/04/2008 08:00|-rahs----|4952] C:\Bootfont.bin
[19/08/2008 13:14|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[19/08/2008 13:14|-rahs----|0] C:\IO.SYS
[19/08/2008 13:14|-rahs----|0] C:\MSDOS.SYS
[14/04/2008 08:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 08:00|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[19/08/2008 13:34|--a------|542] C:\RHDSetup.log
[12/05/2010 10:25|--a------|2339] C:\UsbFix.txt
[11/11/1999 09:17|--a------|49] C:\XPH.TAG
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | ! Fin du rapport # UsbFix V6.102 ! |
A voir également:
- VIRUS aider moi svp
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
