Virus raila odinga, flashy

Closed
rolly - 28 Oct 2008 at 11:36
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last active 21 May 2010 - 20 April 2009 at 20:56
Hello,
I'm asking for help. My PC has an army of viruses inside it, such as raila odinga, flashy, smss and explorer.exe. I tried Antivir but removal is impossible. I ran a scan with HijackThis and here is what it displays. I don't know which lines to FIX. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:15, on 28/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TypingMaster\KBOOST.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RavMont] C:\WINDOWS\System32\RavMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [etjbifoeud] c:\windows\system32\etjbifoeud.exe etjbifoeud
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1547161642-1935655697-1708537768-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1935655697-1708537768-1003\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User '?')
O4 - HKUS\S-1-5-21-1547161642-1935655697-1708537768-1003\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1547161642-1935655697-1708537768-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (User '?')
O4 - S-1-5-21-1547161642-1935655697-1708537768-1003 Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User '?')
O4 - S-1-5-21-1547161642-1935655697-1708537768-1003 Startup: (Bass Guitar) Ron Carter - Bass Lines.lnk = ? (User '?')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Startup: (Bass Guitar) Ron Carter - Bass Lines.lnk = ?
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.maximumwall.com/mangas/dragon_ball_z/photo_fond_ecran_wallpaper_mangas_dragon_ball_z_134.jpg
O24 - Desktop Component 1: (no name) - http://www.maximumwall.com/mangas/dragon_ball_z/big/photo_fond_ecran_wallpaper_mangas_dragon_ball_z_008.jpg

2 replies

geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last active 21 May 2010 10
28 Oct 2008 at 11:39
Hi!!

Please start by doing this:

▶ Download UsbFix to your desktop

(it's number 19 at the bottom of the page)

▶ Run the installation with the default settings

▶ Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ The PC will restart

▶ After the restart, post the UsbFix.txt report

* Note: the UsbFix.txt report is saved at the root of the disk

* Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab,
"New Task", type explorer.exe and confirm
meukieje Posts 21 Registration date Tuesday 21 November 2006 Status Member Last active 3 December 2009
20 April 2009 at 16:01
I am also infected by the flashy virus.
After running UsbFix, here is the report. NB: the machine did not restart.

############################## [ UsbFix V3.008 ]

# User : Dr ONGUENE (Administrateurs) # COORDO
# Update on 16/04/09 by C_XX & Chiquitine29
# Start at: 15:56:10 | 20/04/2009

# Intel(R) Pentium(R) 4 CPU 3.06GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | (!) Outdated ]
# FW : Symantec Endpoint Protection[ Enabled ]10.0

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 74,52 Go (283,46 Mo free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 7,53 Go (2 Go free) # FAT32
# F:\ # Disque amovible # 245,02 Mo (41,2 Mo free) [MEUKIEJE] # FAT32

############################## [ Processus actifs ]

C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\wudfhost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINXP\system32\Flashy.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINXP\system32\HPZipm12.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\WINXP\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINXP\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://fr.yahoo.com/"
HKLM_logon: "Userinit"="C:\\WINXP\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Dr ONGUENE"
HKLM_logon: "AltDefaultUserName"="Dr ONGUENE"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: CTFMON.EXE=C:\WINXP\system32\ctfmon.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: kamsoft=C:\WINXP\system32\kamsoft.exe
HKCU_Run: vamsoft=C:\WINXP\system32\vamsoft.exe
HKCU_Run: FrameWorkService=
HKCU_Run: YSearchProtection=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
HKLM_Run: McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
HKLM_Run: OrderReminder=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
HKLM_Run: Flashy Bot=C:\WINXP\system32\Flashy.exe
HKLM_Run: antihost=C:\WINXP\system32\ahr.exe
HKLM_Run: FrameWorkService=
HKLM_Run: YSearchProtection="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
HKLM_Run: UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: ShStatEXE="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

################## [ Informations ]


# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINXP\system32\amvo0.dll
Found ! C:\WINXP\system32\nmdfgds0.dll
Found ! C:\WINXP\system32\nmdfgds1.dll
Found ! C:\1ogf.exe
Found ! C:\cqxj.exe
Found ! C:\cqxj.exe
Found ! C:\dbrxubcw.com
Found ! C:\j60osk9.cmd
Found ! C:\ncyrf.bat
Found ! C:\upw.bat
Found ! C:\e.cmd
Found ! C:\i.cmd
Found ! C:\recycler\S-1-5-21-74277620-4196000851-2592287412-500\Dc9\FrameworkService.exe
Found ! F:\i.cmd

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "antihost"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "kamsoft"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "vamsoft"

################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.008 ! ]
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last active 21 May 2010 10
20 April 2009 at 20:56
Good evening,

Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ Choose option 2 (Suppression, i.e. removal)

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

▶ Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)