Infected USB key; USBfix report
salamel
############################# | UsbFix V 7.150 | [Recherche]
Utilisateur: MARCHIONI (Administrateur) # MARCHIONI-PC
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 23:01:44 | 15/11/2013
Site Web : https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Dell Inc. (0CXHNM)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
RAM -> [Total : 2979 | Free : 1398]
Bios: Dell Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 23.0.1
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Antivirus Trend Micro OfficeScan [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 283 Go (229 Go libre(s) - 81%) [OS] # NTFS
D:\ -> CD-ROM
F:\ -> Disque amovible # 14 Go (12 Go libre(s) - 81%) [USB DISK] # FAT32
################## | Processus Actif |
C:\windows\system32\csrss.exe (ID: 464 |ParentID: 396)
C:\windows\system32\csrss.exe (ID: 528 |ParentID: 520)
C:\windows\system32\wininit.exe (ID: 536 |ParentID: 396)
C:\windows\system32\winlogon.exe (ID: 584 |ParentID: 520)
C:\windows\system32\services.exe (ID: 636 |ParentID: 536)
C:\windows\system32\lsass.exe (ID: 644 |ParentID: 536)
C:\windows\system32\lsm.exe (ID: 656 |ParentID: 536)
C:\windows\system32\svchost.exe (ID: 744 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 852 |ParentID: 636)
C:\windows\System32\svchost.exe (ID: 916 |ParentID: 636)
C:\windows\System32\svchost.exe (ID: 976 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 1016 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 352 |ParentID: 636)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 472 |ParentID: 636)
C:\Windows\system32\vcsFPService.exe (ID: 1272 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 1340 |ParentID: 636)
C:\windows\system32\WLANExt.exe (ID: 1476 |ParentID: 976)
C:\windows\system32\conhost.exe (ID: 1488 |ParentID: 464)
C:\windows\System32\spoolsv.exe (ID: 1552 |ParentID: 636)
C:\Program Files\DigitalPersona\Bin\DpHostW.exe (ID: 1608 |ParentID: 636)
C:\windows\system32\taskhost.exe (ID: 1712 |ParentID: 636)
C:\windows\system32\Dwm.exe (ID: 1768 |ParentID: 976)
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (ID: 1776 |ParentID: 584)
C:\windows\Explorer.EXE (ID: 1788 |ParentID: 1724)
C:\windows\system32\svchost.exe (ID: 1836 |ParentID: 636)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2008 |ParentID: 636)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID: 1324 |ParentID: 636)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe (ID: 1860 |ParentID: 636)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (ID: 2032 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 1644 |ParentID: 636)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 2080 |ParentID: 636)
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe (ID: 2212 |ParentID: 636)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2272 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 2296 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 2364 |ParentID: 636)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2396 |ParentID: 636)
C:\Windows\System32\igfxtray.exe (ID: 2628 |ParentID: 1788)
C:\Windows\System32\hkcmd.exe (ID: 2644 |ParentID: 1788)
C:\Windows\System32\igfxpers.exe (ID: 2672 |ParentID: 1788)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 2692 |ParentID: 1788)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2820 |ParentID: 1788)
C:\Program Files\Dell\QuickSet\quickset.exe (ID: 2224 |ParentID: 1788)
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ID: 2496 |ParentID: 1788)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (ID: 2740 |ParentID: 636)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ID: 1244 |ParentID: 1788)
C:\Windows\System32\rundll32.exe (ID: 3016 |ParentID: 1788)
C:\Dell\DBRM\Reminder\DbrmTrayicon.exe (ID: 2616 |ParentID: 1788)
C:\Program Files\DigitalPersona\Bin\DPAgent.exe (ID: 2552 |ParentID: 1776)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 3204 |ParentID: 2992)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 3244 |ParentID: 2992)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3300 |ParentID: 2396)
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe (ID: 3344 |ParentID: 636)
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID: 3444 |ParentID: 2992)
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID: 3528 |ParentID: 2992)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 3696 |ParentID: 2992)
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (ID: 3736 |ParentID: 2992)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (ID: 3824 |ParentID: 2992)
C:\windows\system32\wbem\unsecapp.exe (ID: 4076 |ParentID: 744)
C:\windows\system32\wbem\wmiprvse.exe (ID: 2928 |ParentID: 744)
C:\windows\system32\wbem\unsecapp.exe (ID: 3416 |ParentID: 744)
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (ID: 3880 |ParentID: 3344)
C:\windows\system32\conhost.exe (ID: 4068 |ParentID: 464)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (ID: 1700 |ParentID: 636)
C:\windows\system32\SearchIndexer.exe (ID: 4188 |ParentID: 636)
C:\windows\system32\svchost.exe (ID: 4224 |ParentID: 636)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (ID: 4516 |ParentID: 744)
C:\windows\system32\svchost.exe (ID: 4636 |ParentID: 636)
C:\windows\System32\WUDFHost.exe (ID: 4148 |ParentID: 976)
C:\Program Files (x86)\eInstruction\Device Manager\Launch.exe (ID: 4840 |ParentID: 1788)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 168 |ParentID: 2820)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 4264 |ParentID: 5112)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 4608 |ParentID: 4264)
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe (ID: 4524 |ParentID: 636)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 3556 |ParentID: 636)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4288 |ParentID: 636)
C:\windows\System32\svchost.exe (ID: 3580 |ParentID: 636)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1004 |ParentID: 636)
C:\windows\system32\msiexec.exe (ID: 3180 |ParentID: 636)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 876 |ParentID: 636)
C:\windows\system32\taskeng.exe (ID: 3540 |ParentID: 352)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4052 |ParentID: 1788)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 3236 |ParentID: 4052)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5668 |ParentID: 3236)
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5952 |ParentID: 5668)
C:\windows\system32\taskeng.exe (ID: 6108 |ParentID: 352)
C:\UsbFix\Go.exe (ID: 4012 |ParentID: 1908)
C:\windows\system32\wbem\wmiprvse.exe (ID: 4512 |ParentID: 744)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
04 - HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
04 - HKLM\SOFTWARE | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
04 - HKLM\SOFTWARE | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [OfficeScanNT Monitor] - "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [OfficeScanNT Monitor] - "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-3799622186-446190880-677333232-1000\SOFTWARE | RunOnce : [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
################## | Recherche générique |
Présent! F:\CM2.lnk
Présent! F:\2013 2014- présentation interventions IFM.lnk
Présent! F:\fiche métier patissier.lnk
Présent! F:\college.lnk
Présent! F:\image pour cours.lnk
Présent! F:\inspections.lnk
Présent! F:\logiciels svt.lnk
Présent! F:\formations.lnk
Présent! F:\Liaison collège - lycée.lnk
Présent! F:\assise de EP.lnk
Présent! F:\Recycled.lnk
Présent! F:\BOOTEX.lnk
Présent! F:\iTunesHelper.vbe
################## | Référence de comparaison MD5 |
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe
################## | Comparaison MD5 |
Présent! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |