UsbFix report: trojan, spyware, cleanup attempt

Closed
encrevive - 13 June 2010 at 22:09
Anonymous user - 13 June 2010 at 23:00
Hello,
here is a UsbFix report

############################## | UsbFix V6.059 |

User : M.KAST (Administrateurs) # KAST-H0SKHCMHIW
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 21:50:37 | 13/06/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! antivirus 4.7.892 [VPS 100613-2] 4.7.892 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 39.06 Go (22.6 Go free) # NTFS
D:\ -> Disque fixe local # 35.46 Go (35.31 Go free) # NTFS
E:\ -> Disque CD-ROM # 591.39 Mo (0 Mo free) [VX2POEM_FR] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque amovible # 14.9 Go (4.5 Go free) [USB DISK] # FAT32
I:\ -> Disque fixe local # 596.17 Go (228.47 Go free) [Nouveau nom] # NTFS
K:\ -> Disque amovible # 969.99 Mo (964.93 Mo free) [HAARRRG !!!] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 500
C:\WINDOWS\system32\csrss.exe 548
C:\WINDOWS\system32\winlogon.exe 584
C:\WINDOWS\system32\services.exe 632
C:\WINDOWS\system32\lsass.exe 644
C:\WINDOWS\system32\Ati2evxx.exe 804
C:\WINDOWS\system32\svchost.exe 836
C:\WINDOWS\system32\svchost.exe 900
C:\WINDOWS\System32\svchost.exe 972
C:\WINDOWS\system32\svchost.exe 1016
C:\WINDOWS\system32\Ati2evxx.exe 1048
C:\WINDOWS\System32\svchost.exe 1196
C:\WINDOWS\System32\svchost.exe 1284
C:\WINDOWS\system32\spoolsv.exe 1496
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1696
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1724
C:\WINDOWS\system32\PnkBstrA.exe 1804
C:\WINDOWS\system32\slserv.exe 1832
C:\WINDOWS\System32\PAStiSvc.exe 1860
C:\WINDOWS\System32\svchost.exe 1896
C:\WINDOWS\system32\Pen_Tablet.exe 1932
C:\WINDOWS\system32\fxssvc.exe 384
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe 1568
C:\WINDOWS\Fmekyc.exe 1740
C:\WINDOWS\system32\Pen_Tablet.exe 1868
C:\WINDOWS\Explorer.exe 2108
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2240
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2400
C:\WINDOWS\System32\alg.exe 2440
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2548
C:\WINDOWS\system32\DeltTray.exe 2644
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe 2888
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe 2940
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe 3040
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe 3108
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe 3132
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3140
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE 3568
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 3892
C:\Program Files\Windows Defender\MsMpEng.exe 2188
C:\Program Files\Windows Defender\MSASCui.exe 2816
C:\Program Files\Mozilla Firefox\firefox.exe 1076
C:\DOCUME~1\M04C8~1.KAS\LOCALS~1\Temp\Ftr.exe 1712
C:\WINDOWS\System32\wbem\wmiprvse.exe 3024

################## | Fichiers # Dossiers infectieux |

C:\Documents and Settings\M.KAST\autorun.inf
C:\Documents and Settings\M.KAST\RavMonLog
C:\WINDOWS\backinf.tab
C:\DOCUME~1\M04C8~1.KAS\LOCALS~1\Temp\a.dat
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
H:\cold\hott
H:\cold
H:\Documents.lnk
H:\Music.lnk
H:\New Folder.lnk
H:\Passwords.lnk
H:\Pictures.lnk
H:\Video.lnk
I:\Documents.lnk
I:\Music.lnk
I:\New Folder.lnk
I:\Passwords.lnk
I:\Pictures.lnk
I:\Video.lnk
K:\autorun.inf
K:\cold\hott
K:\cold
K:\MS32DLL.dll.vbs
K:\Documents.lnk
K:\Music.lnk
K:\New Folder.lnk
K:\Passwords.lnk
K:\Pictures.lnk
K:\Video.lnk

################## | Spyware.OnlineGames |

C:\System Volume Information\_restore{AED493F0-F576-4A91-AEDD-EB31757DB1B7}\RP1047\A0191651.dll
C:\System Volume Information\_restore{AED493F0-F576-4A91-AEDD-EB31757DB1B7}\RP1047\A0191666.dll
C:\System Volume Information\_restore{AED493F0-F576-4A91-AEDD-EB31757DB1B7}\RP1055\A0192727.dll
C:\System Volume Information\_restore{AED493F0-F576-4A91-AEDD-EB31757DB1B7}\RP1055\A0192728.dll
C:\System Volume Information\_restore{AED493F0-F576-4A91-AEDD-EB31757DB1B7}\RP1055\A0192839.dll

################## | Registre # Clés infectieuses |

[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "ASocksrv"
[HKLM\SOFTWARE\Classes\CLSID\MADOWN]
[HKCR\CLSID\MADOWN]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\H
Shell\AutoRun\command =H:\LaunchU3.exe

HKCU\..\..\Explorer\MountPoints2\{00dfd90a-c6ac-11db-891b-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{03eed8ac-0075-11df-8af6-fa475e04b40b}
Shell\AutoRun\command =J:\e9naq.exe
Shell\open\Command =J:\e9naq.exe

HKCU\..\..\Explorer\MountPoints2\{3913e2a1-1c97-11de-8ab1-cc8995c7f13f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{3be2b928-1e5b-11dc-8969-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{3e3132bf-2656-11dd-8a33-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{4d705119-1ea6-11dd-8a32-000d61cca848}
Shell\AutoRun\command =I:\e9naq.exe
Shell\open\Command =I:\e9naq.exe

HKCU\..\..\Explorer\MountPoints2\{50e9ccd9-d34a-11dc-8a16-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{50e9ccdb-d34a-11dc-8a16-000d61cca848}
Shell\Auto\command =H:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{569b7fff-c153-11dc-8a09-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{569b8000-c153-11dc-8a09-000d61cca848}
Shell\Auto\command =H:\Start.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

HKCU\..\..\Explorer\MountPoints2\{594e03f9-1e25-11df-8b05-a05214059b64}
Shell\AutoRun\command =H:\e9naq.exe
Shell\open\Command =H:\e9naq.exe

HKCU\..\..\Explorer\MountPoints2\{594e03ff-1e25-11df-8b05-a05214059b64}
Shell\AutoRun\command =H:\e9naq.exe
Shell\open\Command =H:\e9naq.exe

HKCU\..\..\Explorer\MountPoints2\{594e0404-1e25-11df-8b05-a05214059b64}
Shell\AutoRun\command =H:\cold\hott\sysdiag64.exe
Shell\Explore\Command =H:\cold\hott\sysdiag64.exe
Shell\open\command =H:\cold\hott\sysdiag64.exe

HKCU\..\..\Explorer\MountPoints2\{694095de-151a-11dd-8a28-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{694095df-151a-11dd-8a28-000d61cca848}
Shell\Auto\command =H:\Start.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

HKCU\..\..\Explorer\MountPoints2\{694095e1-151a-11dd-8a28-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{6beb6f8f-77ab-11dd-8a59-000d61cca848}
Shell\Auto\command =I:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{719899e5-658e-11de-8acb-c0bd48b088af}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{73ddf043-10b6-11dd-8a26-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{7a405c0e-a395-11da-932b-806d6172696f}
Shell\Auto\command =tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

HKCU\..\..\Explorer\MountPoints2\{7a405c0f-a395-11da-932b-806d6172696f}
Shell\Auto\command =tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

HKCU\..\..\Explorer\MountPoints2\{7bcbdbca-4474-11dc-897c-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{7fec14c4-081d-11df-8afd-d37f54dd6376}
Shell\AutoRun\command =H:\cold\hott\sysdiag64.exe
Shell\Explore\Command =H:\cold\hott\sysdiag64.exe
Shell\open\command =H:\cold\hott\sysdiag64.exe

HKCU\..\..\Explorer\MountPoints2\{8568e541-ec4b-11dc-8a1c-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{9b526b39-c52c-11dc-8a0d-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{a03a7426-343b-11de-8ac2-9cdac9ac513b}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{a304f57d-6338-11dd-8a53-000d61cca848}
Shell\Auto\command =J:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{a9c8869a-9203-11dd-8a61-000d61cca848}
Shell\Auto\command =H:\Start.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

HKCU\..\..\Explorer\MountPoints2\{aaf79a27-5e43-11dd-8a51-000d61cca848}
Shell\Auto\command =H:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{abc612f7-ceb3-11dc-8a14-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{abd0690b-da6d-11dc-8a17-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{abd06912-da6d-11dc-8a17-000d61cca848}
Shell\Auto\command =H:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{bd7367f1-d464-11de-8af0-eddd693a77a0}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{c381f0da-782f-11de-8ad3-9c29520a6b31}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{ca4464c3-dc02-11de-8af3-c592a0290d3d}
shell\explore\Command =I:\forever.exe
shell\open\Command =I:\forever.exe

HKCU\..\..\Explorer\MountPoints2\{cb65ab71-648e-11dc-8996-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{de2d58ee-0eca-11dc-8953-000d61cca848}
Shell\Auto\command =tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

HKCU\..\..\Explorer\MountPoints2\{e1831a42-a38e-11da-9b7a-806d6172696f}
Shell\AutoRun\command =E:\setup.exe

HKCU\..\..\Explorer\MountPoints2\{e4e2c540-7296-11dc-89a4-000d61cca848}
Shell\Auto\command =tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

HKCU\..\..\Explorer\MountPoints2\{ea6a6283-6740-11df-8b19-e6d02212b4c1}
Shell\AutoRun\command =H:\cold\hott\sysdiag64.exe
Shell\Explore\Command =H:\
Shell\open\command =H:\

HKCU\..\..\Explorer\MountPoints2\{f02ddea0-a888-11de-8adf-ad832cdb261b}
Shell\Auto\command =H:\tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

HKCU\..\..\Explorer\MountPoints2\{f5afcd51-73fc-11dd-8a56-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{f7b6436f-e182-11dc-8a19-000d61cca848}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{fbdea74c-9e97-11dd-8a68-fea33ce1daa7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gueFAe.eXe

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.059 ! |



1 reply

Anonymous user
13 June 2010 at 23:00
Good evening,
you don't have the right version of UsbFix; delete it and download it again from here:

* Download USBFIX to your desktop (thanks to El Desaparecido/C_XX)

https://www.ionos.fr/?affiliate_id=77097

/!\ Temporarily, and only for as long as you are using USBFIX, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scan and cleanup procedure.

- Double-click the UsbFix icon on your desktop.
- On the page, click the button:
« suppression »

/!\ Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them.

- then click OK
- Let the tool work.

- Post the report that appears at the end.
The report is located at C:\UsbFix.txt
Note: at the end of the cleanup option, it is recommended to restart the PC.