My report

Closed
gasolina990 - Edited by BmV on 26/11/2010 at 19:35
Anonymous user - 26 Nov 2010 at 20:04
Hello,
here is my report for my external hard drive



############################## | UsbFix 7.035 | [Recherche]

Utilisateur: user (Administrateur) # PC-DE-USER [Hewlett-Packard HP Pavilion dv6700 Notebook PC]
Mis à jour le 22/11/10 par El Desaparecido / C_XX
Lancé à 18:26:11 | 26/11/2010
Site Web: http://www.*****.org
Contact: *******.org

CPU: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Microsoft® Windows Vista(TM) Edition Familiale Premium (6.0.6001 32-Bit) # Service Pack 1
Internet Explorer 7.0.6001.18000

Pare-feu Windows: Activé
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 129 Go (25 Go libre(s) - 19%) [] # NTFS
D:\ -> Disque fixe # 92 Go (34 Go libre(s) - 37%) [Nouveau nom] # NTFS
E:\ -> CD-ROM
F:\ -> Disque fixe # 233 Go (30 Go libre(s) - 13%) [Foufa ] # NTFS
G:\ -> Disque fixe # 12 Go (2 Go libre(s) - 17%) [HP_RECOVERY] # NTFS

################## | Eléments infectieux |


Présent! C:\Users\user\AppData\Local\Temp\pv.exe
Présent! C:\Users\user\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Présent! C:\Users\user\AppData\Local\Temp\amt.log
Présent! C:\Users\user\AppData\Local\Temp\AutoRun.exe
Présent! C:\Users\user\AppData\Local\Temp\IXP000.TMP
Présent! C:\tmp
Présent! F:\Thumbs .db
Présent! F:\Thumbs.com

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFind
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

2 replies

BmV (Moderator)
26 Nov 2010 at 19:34
Ah yes.

It is quite interesting.

Did you do it all by yourself?

Anonymous user
26 Nov 2010 at 20:04
Good evening,

CCM is a mutual-help forum, not an after-sales service or the like... A minimum of respect, or of friendliness, is therefore required! For example, describe your problem and do not assume that a robot will answer you!