rapport scan fix Fermé

Question

############################## | UsbFix 7.029 | [Recherche]

Utilisateur: BENDIE (Administrateur) # PC-DE-SHEMA [Acer Aspire 4810T]
Mis à jour le 07/10/10 par El Desaparecido / C_XX
Lancé à 12:36:01 | 10/10/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@arx-services.com

CPU: Intel(R) Core(TM)2 Solo CPU U3500 @ 1.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18943

Pare-feu Windows: Activé
RAM -> 3001 Mo 
C:\ (%systemdrive%) -> Disque fixe # 223 Go (149 Go libre(s) - 67%) [ACER] # NTFS
E:\ -> Disque amovible # 2 Go (354 Mo libre(s) - 19%) [SHEMSON] # FAT

################## | Éléments infectieux |


Présent! C:\Users\BENDIE\AppData\Local\Temp\pv.exe
Présent! E:\klade\valjka.exe
Présent! E:\Autorun.inf
Présent! C:\Delme.bat
Présent! E:\Documents.lnk
Présent! E:\Videos.lnk
Présent! E:\ipak
Présent! E:\klade

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Présent! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = E:\MARNUO\\guzu.exe
Shell\explore\Command = E:\MARNUO\\guzu.exe
Shell\open\Command = E:\MARNUO\\guzu.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{08c41e3a-1231-11df-9245-0022fb456ea2}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\cUEcuf.eXE

HKCU\.\.\.\.\Explorer\MountPoints2\{0e8ebcd2-47bb-11df-9826-0022fb456ea2}
Shell\AutoRun\Command = D:\SEVEBOMBA/gasgas.exe
Shell\open\Command = D:\SEVEBOMBA/gasgas.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1eb79800-c4a0-11df-b09f-001f169e5349}
Shell\AutoRun\Command = D:\MARNUO\\guzu.exe
Shell\explore\Command = D:\MARNUO\\guzu.exe
Shell\open\Command = D:\MARNUO\\guzu.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{23528fa4-ca4a-11df-8c35-0022fb456ea2}
Shell\AutoRun\Command = "D:\WD SmartWare.exe" autoplay=true

HKCU\.\.\.\.\Explorer\MountPoints2\{2bbfaa58-d454-11de-b66a-0022fb456ea2}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL DaVOJOnG.EXe

HKCU\.\.\.\.\Explorer\MountPoints2\{3020e900-0fe3-11df-92c0-0022fb456ea2}
Shell\AutoRun\Command = D:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe
Shell\open\Command = D:\RECYCLER\S-51-9-25-3434476501-1644491933-601013350-1214\BSsBT.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{3981b1d7-e48d-11de-a833-0022fb456ea2}
Shell\AutoRun\Command = D:\mbvd.exe
Shell\open\Command = D:\mbvd.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4c08aa8b-fb5d-11de-9aca-0022fb456ea2}
Shell\AutoRun\Command = pozuda/malena.exe
Shell\explore\Command = pozuda/malena.exe
Shell\open\Command = pozuda/malena.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{5b495ae9-74c7-11df-ac0b-0022fb456ea2}
Shell\AutoRun\Command = D:\ZNOJE///misejaja.exe
Shell\open\Command = D:\ZNOJE///misejaja.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{5f9634f4-7db7-11de-85bb-0022fb456ea2}
Shell\AutoRun\Command = G:\DrivesGuideInfo\S-1-9-01-3739977401-4444491267-600313374-9146\svchost.exe
Shell\open\Command = G:\DrivesGuideInfo\S-1-9-01-3739977401-4444491267-600313374-9146\svchost.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{67f3f9d6-b416-11de-8c58-0022fb456ea2}
Shell\AutoRun\Command = E:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
Shell\open\Command = E:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{6c9ebeba-be50-11df-8d48-001f169e5349}
Shell\AutoRun\Command = GOLAC\	ornado.exå
Shell\explore\Command = E:\GOLAC\\tornado.exe
Shell\open\Command = E:\GOLAC\\tornado.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{6c9ebec4-be50-11df-8d48-001f169e5349}
Shell\AutoRun\Command = E:\MARNUO\\guzu.exe
Shell\explore\Command = E:\MARNUO\\guzu.exe
Shell\open\Command = E:\MARNUO\\guzu.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7abf5c54-221f-11df-a27f-0022fb456ea2}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TIuOPU.EXE

HKCU\.\.\.\.\Explorer\MountPoints2\{7abf5c58-221f-11df-a27f-0022fb456ea2}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:	iUOpU.eXe

HKCU\.\.\.\.\Explorer\MountPoints2\{7ce27509-b0f5-11df-a1fa-001f169e5349}
Shell\AutoRun\Command = D:\PRZHI\\hladi.exe
Shell\explore\Command = D:\PRZHI\\\hladi.exe
Shell\open\Command = D:\PRZHI\\\hladi.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{83d4a894-faeb-11de-a300-0022fb456ea2}
Shell\AutoRun\Command = D:\storage\sys.exe
Shell\opEN\Command = D:\storage\sys.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{88d16838-6fde-11df-be8a-0022fb456ea2}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs image.jpg

HKCU\.\.\.\.\Explorer\MountPoints2\{8a762b95-7da7-11de-af29-0022fb456ea2}
Shell\AutoRun\Command = F:\abk.bat
Shell\explore\Command = F:\abk.bat
Shell\open\Command = F:\abk.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{960c0dd9-123f-11df-89ce-0022fb456ea2}
Shell\AutoRun\Command = D:\ime/moje.exe
Shell\explore\Command = D:\ime/moje.exe
Shell\open\Command = D:\ime/moje.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{9a41e366-1a16-11df-9329-0022fb456ea2}
Shell\AutoRun\Command = F:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a0f3bd7c-8b20-11de-814d-0022fb456ea2}
Shell\AutoRun\Command = RECYCLER\k-1-3542-4232123213-7676767-8888886\MsGv.exe
Shell\open\Command = RECYCLER\k-1-3542-4232123213-7676767-8888886\MsGv.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a7df969c-7d6e-11de-8778-0022fb456ea2}
Shell\AutoRun\Command = E:\abk.bat
Shell\explore\Command = E:\abk.bat
Shell\open\Command = E:\abk.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{a97278c9-b9a2-11df-834c-001f169e5349}
Shell\AutoRun\Command = GOLAC\	ornado.exå
Shell\explore\Command = GOLAC\\tornado.exe
Shell\open\Command = GOLAC\\tornado.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{bf6b6fdc-3280-11df-9df7-0022fb456ea2}
Shell\AutoRun\Command = D:\SAVEST///cista.exe
Shell\open\Command = D:\SAVEST///cista.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d75a4c5e-6b6b-11df-ac9a-001f169e5349}
Shell\AutoRun\Command = nds0q.exe
Shell\open\Command = nds0q.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d75a4c63-6b6b-11df-ac9a-001f169e5349}
Shell\AutoRun\Command = F:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{db0d5770-cebf-11df-9cf5-001f169e5349}
Shell\AutoRun\Command = D:\MicroLauncher.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{df584c70-b68a-11df-847c-001f169e5349}
Shell\AutoRun\Command = F:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{df584c79-b68a-11df-847c-001f169e5349}
Shell\open\Command = E:\BARROW\BARROW\BARROWx1o

HKCU\.\.\.\.\Explorer\MountPoints2\{e9ea275e-de89-11de-a48d-0022fb456ea2}
Shell\AutoRun\Command = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe
Shell\open\Command = D:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{e9ea2763-de89-11de-a48d-0022fb456ea2}
Shell\AutoRun\Command = E:\LaunchU3.exe -a


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

jlpjlp · Answer

un bonjour...


des explications cela te ferai mal au c..

Rapport scan fix

1 réponse

Discussions similaires