Virus sur clé usb qui tansforme fichiers en raccourcis
suz1990
Messages postés
13
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
En branchant ma clé sur les ordis de l'université j'ai eu la mauvaise surprise de me retrouver avec un virus qui a transformé tous les fichiers de ma clé en raccourcis! Ne sachant pas vraiment si c'etait un virus ou un quelconque beug j'ai branché ma clé sur mon ordi donc mon ordi est devenu aussi infecté ! Je sais... pas de chance ! Y a t'il une ame charitable qui pourra m'aider a éradiquer ce virus de ma clé et de mon ordi ? Merci en avance
En branchant ma clé sur les ordis de l'université j'ai eu la mauvaise surprise de me retrouver avec un virus qui a transformé tous les fichiers de ma clé en raccourcis! Ne sachant pas vraiment si c'etait un virus ou un quelconque beug j'ai branché ma clé sur mon ordi donc mon ordi est devenu aussi infecté ! Je sais... pas de chance ! Y a t'il une ame charitable qui pourra m'aider a éradiquer ce virus de ma clé et de mon ordi ? Merci en avance
A voir également:
- Virus sur clé usb qui tansforme fichiers en raccourcis
- Clé usb non détectée - Guide
- Clé usb - Accueil - Stockage
- Formater clé usb - Guide
- Clé windows 8 - Guide
- Télécharger windows 7 sur clé usb gratuit - Télécharger - Systèmes d'exploitation
9 réponses
Bonjour
Ton infection est une infection qui se propage par disques amovibles (clefs USB, disque dur externe, carte flash etc..).
Les disques amovibles que tu as insérés dans l'ordinateur quand celui-ci était infecté ont été infectés à leur tour.
Le simple faite d'ouvrir le poste de travail et de double-cliquer sur ta clef USB/disque dur externe va réinfecter ton système.
Tu trouveras un lien explicatif sur la propagation de ces infections, comment s'en protéger etc.... à partir de ces liens :
https://forum.malekal.com/viewtopic.php?t=5544&start=
Pour remédier à cela :
Télécharge et installe UsbFix de El Desaparecido & g3n-h@ckm@n
https://toolslib.net
Tutoriel de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
*
Si votre antivirus affiche une alerte, ignorez-la et désactivez l'antivirus temporairement.
* Double clic sur UsbFix (pour les utilisateurs de windows Vista , windows 7 , windows 8) , clique droit => exécuter en tant qu'administrateur"
* Cliquer sur recherche.
# Laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaîtra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. (C:\UsbFix.txt)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Ton infection est une infection qui se propage par disques amovibles (clefs USB, disque dur externe, carte flash etc..).
Les disques amovibles que tu as insérés dans l'ordinateur quand celui-ci était infecté ont été infectés à leur tour.
Le simple faite d'ouvrir le poste de travail et de double-cliquer sur ta clef USB/disque dur externe va réinfecter ton système.
Tu trouveras un lien explicatif sur la propagation de ces infections, comment s'en protéger etc.... à partir de ces liens :
https://forum.malekal.com/viewtopic.php?t=5544&start=
Pour remédier à cela :
Télécharge et installe UsbFix de El Desaparecido & g3n-h@ckm@n
https://toolslib.net
Tutoriel de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
*
Si votre antivirus affiche une alerte, ignorez-la et désactivez l'antivirus temporairement.
* Double clic sur UsbFix (pour les utilisateurs de windows Vista , windows 7 , windows 8) , clique droit => exécuter en tant qu'administrateur"
* Cliquer sur recherche.
# Laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaîtra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. (C:\UsbFix.txt)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Quand je lance le téléchargement ca me renvois sur ce lien la http://eldesaparecido.com/tools/UsbFix.exe qui ne veux pas ouvrir et puis ca me mets que le téléchargement est fini sauf que je ne peux pas trouver le programme téléchargé nullepart
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ca me met ce message a chaque fois que je vais sur un lien de telechargement
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
Bonjour
Voici le rapport que j'ai eu avec usbfix merci d'avance pour toute aide pour me debarrasser de ce virus qui me complique la vie !
############################## | UsbFix V 7.152 | [Research]
User: compurama (Administrator) # COMPURAMA-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 17:48:35 | 01/12/2013
Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 2999 | Free : 1523]
Bios: INSYDE
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 18.0.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 443 Gb (306 Mb free - 69%) [TI105322W0F] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 95%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 94%) [SUZANA] # FAT
H:\ -> Removable drive # 1007 Mb (94 Mb free - 9%) [] # FAT
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 580 |ParentID: 480)
C:\Windows\system32\wininit.exe (ID: 620 |ParentID: 480)
C:\Windows\system32\csrss.exe (ID: 628 |ParentID: 612)
C:\Windows\system32\services.exe (ID: 676 |ParentID: 620)
C:\Windows\system32\lsass.exe (ID: 696 |ParentID: 620)
C:\Windows\system32\lsm.exe (ID: 704 |ParentID: 620)
C:\Windows\system32\winlogon.exe (ID: 792 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 1032 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 1076 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1124 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1172 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1376 |ParentID: 676)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1460 |ParentID: 676)
C:\Windows\System32\spoolsv.exe (ID: 1568 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1604 |ParentID: 676)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1680 |ParentID: 676)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 1716 |ParentID: 676)
C:\Windows\system32\schtasks.exe (ID: 1764 |ParentID: 1716)
C:\Windows\system32\conhost.exe (ID: 1804 |ParentID: 580)
C:\Program Files\RelevantKnowledge\rlservice.exe (ID: 1884 |ParentID: 676)
C:\Windows\system32\sppsvc.exe (ID: 1940 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1976 |ParentID: 676)
C:\Program Files\glindorus\updateglindorus.exe (ID: 2008 |ParentID: 676)
C:\Program Files\glindorus\bin\utilglindorus.exe (ID: 1728 |ParentID: 676)
C:\Windows\system32\Dwm.exe (ID: 2068 |ParentID: 1076)
C:\Windows\Explorer.EXE (ID: 2108 |ParentID: 584)
C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe (ID: 2144 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2208 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2336 |ParentID: 2208)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 2464 |ParentID: 1716)
C:\Windows\system32\taskhost.exe (ID: 2644 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 2968 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 2988 |ParentID: 676)
C:\Windows\system32\taskeng.exe (ID: 3176 |ParentID: 1172)
C:\Windows\System32\hkcmd.exe (ID: 3188 |ParentID: 2108)
C:\Windows\System32\igfxpers.exe (ID: 3220 |ParentID: 2108)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3228 |ParentID: 2108)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3236 |ParentID: 2108)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 3252 |ParentID: 2108)
C:\Program Files\CyberLink\YouCam\YouCamTray.exe (ID: 3316 |ParentID: 2108)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3336 |ParentID: 2108)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3352 |ParentID: 2108)
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe (ID: 3380 |ParentID: 2108)
C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe (ID: 3388 |ParentID: 2108)
C:\Program Files\Nimbuzz\Nimbuzz.exe (ID: 3408 |ParentID: 2108)
C:\Windows\system32\taskeng.exe (ID: 3484 |ParentID: 1172)
C:\Program Files\DealPlyLive\Update\DealPlyLive.exe (ID: 3508 |ParentID: 3176)
C:\Windows\System32\WUDFHost.exe (ID: 3584 |ParentID: 1076)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3596 |ParentID: 2108)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3612 |ParentID: 2108)
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (ID: 3896 |ParentID: 3484)
C:\Windows\system32\taskeng.exe (ID: 3984 |ParentID: 1172)
C:\Program Files\Skype\Phone\Skype.exe (ID: 1832 |ParentID: 2108)
C:\Windows\system32\svchost.exe (ID: 2716 |ParentID: 676)
C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 2864 |ParentID: 2108)
C:\Windows\system32\Rundll32.exe (ID: 3756 |ParentID: 3984)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4072 |ParentID: 3228)
C:\Windows\system32\SearchIndexer.exe (ID: 4016 |ParentID: 676)
C:\Program Files\Optimizer Pro\OptProSmartScan.exe (ID: 3556 |ParentID: 1092)
C:\Program Files\Optimizer Pro\OptProReminder.exe (ID: 3952 |ParentID: 1092)
C:\Windows\System32\wscript.exe (ID: 4152 |ParentID: 2108)
C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe (ID: 4432 |ParentID: 2108)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 4516 |ParentID: 3596)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4612 |ParentID: 4016)
C:\Windows\System32\svchost.exe (ID: 4760 |ParentID: 676)
C:\Windows\system32\SearchFilterHost.exe (ID: 4776 |ParentID: 4016)
C:\Program Files\RelevantKnowledge\rlvknlg.exe (ID: 5108 |ParentID: 1884)
C:\Users\compurama\AppData\Local\FilesFrog Update Checker\update_checker.exe (ID: 5364 |ParentID: 3484)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4064 |ParentID: 848)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4860 |ParentID: 848)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4460 |ParentID: 676)
C:\PROGRA~1\RELEVA~1\rlvknlg32.exe (ID: 4272 |ParentID: 2592)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 752 |ParentID: 848)
C:\Windows\System32\svchost.exe (ID: 4120 |ParentID: 676)
C:\Windows\system32\igfxsrvc.exe (ID: 268 |ParentID: 848)
C:\UsbFix\Go.exe (ID: 5000 |ParentID: 4688)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
04 - HKLM\SOFTWARE | Run : [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_43] -
04 - HKLM\SOFTWARE | Run : [MyStart Anti-phishing Domain Advisor] - "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE | Run : [FrameFox Extensions] - C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Nimbuzz] - C:\Program Files\Nimbuzz\Nimbuzz.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [DriverScanner] - "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify] - "C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Viber] - "C:\Users\compurama\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\system32\Rundll32.exe" "C:\Users\compurama\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Intel(R)Service] - wscript.exe //B "C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe startup
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Found ! C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Found ! C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Found ! E:\Intel(R)Service.vbs
Found ! G:\Intel(R)Service.vbs
Found ! H:\Intel(R)Service.vbs
Found ! G:\.lnk
Found ! G:\Progress report 4 fab.lnk
Found ! G:\CD3 hab cohort2 20130409.lnk
Found ! G:\comments on papers.lnk
Found ! G:\Notions d'éléctricité.lnk
Found ! G:\Desmedt 2012.lnk
Found ! G:\~$Reward pathways-1.lnk
Found ! G:\Herry_et_al_10 Neuronal circuits of fear extinction.lnk
Found ! G:\obes_addict_less2013Cota.lnk
Found ! G:\~$Fanselow and Maren 1995.lnk
Found ! G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.lnk
Found ! G:\Memory Consolidation.lnk
Found ! G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.lnk
Found ! G:\Selective erasure of a fear memory Josselyn 2009.lnk
Found ! G:\FC enhances different temporal components of Tone-Evoked spike.lnk
Found ! G:\Creating a false memory in the hippocampus.lnk
Found ! G:\~$Creating a false memory in the hippocampus.lnk
Found ! G:\Early Tagging of Cortical Networks Bontempi.lnk
Found ! G:\Antidepressants spampinato.lnk
Found ! G:\~$FC enhances different temporal components of Tone-Evoked spike.lnk
Found ! G:\~$Progress report 4 fab.lnk
Found ! G:\Postsynaptic receptor trafficking underly a form of associative memory.lnk
Found ! G:\Neuronal circuits of contextual fear discrimination.lnk
Found ! G:\Rob graph.lnk
Found ! H:\.lnk
Found ! H:\lab meeting 27 05 13.lnk
Found ! H:\~$lab meeting 27 05 13.lnk
Found ! H:\~$Epigenetic regulation of memory formation and maintenance.lnk
Found ! H:\filesystem
Found ! H:\ice
Found ! H:\PRVA
Found ! H:\R
################## | Reference of comparison MD5 |
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
################## | Comparison MD5 |
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Local\Temp\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
################## | Registry |
Found ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Voici le rapport que j'ai eu avec usbfix merci d'avance pour toute aide pour me debarrasser de ce virus qui me complique la vie !
############################## | UsbFix V 7.152 | [Research]
User: compurama (Administrator) # COMPURAMA-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 17:48:35 | 01/12/2013
Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 2999 | Free : 1523]
Bios: INSYDE
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 18.0.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 443 Gb (306 Mb free - 69%) [TI105322W0F] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 95%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 94%) [SUZANA] # FAT
H:\ -> Removable drive # 1007 Mb (94 Mb free - 9%) [] # FAT
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 580 |ParentID: 480)
C:\Windows\system32\wininit.exe (ID: 620 |ParentID: 480)
C:\Windows\system32\csrss.exe (ID: 628 |ParentID: 612)
C:\Windows\system32\services.exe (ID: 676 |ParentID: 620)
C:\Windows\system32\lsass.exe (ID: 696 |ParentID: 620)
C:\Windows\system32\lsm.exe (ID: 704 |ParentID: 620)
C:\Windows\system32\winlogon.exe (ID: 792 |ParentID: 612)
C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 940 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 1032 |ParentID: 676)
C:\Windows\System32\svchost.exe (ID: 1076 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1124 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1172 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1376 |ParentID: 676)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1460 |ParentID: 676)
C:\Windows\System32\spoolsv.exe (ID: 1568 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1604 |ParentID: 676)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1680 |ParentID: 676)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 1716 |ParentID: 676)
C:\Windows\system32\schtasks.exe (ID: 1764 |ParentID: 1716)
C:\Windows\system32\conhost.exe (ID: 1804 |ParentID: 580)
C:\Program Files\RelevantKnowledge\rlservice.exe (ID: 1884 |ParentID: 676)
C:\Windows\system32\sppsvc.exe (ID: 1940 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 1976 |ParentID: 676)
C:\Program Files\glindorus\updateglindorus.exe (ID: 2008 |ParentID: 676)
C:\Program Files\glindorus\bin\utilglindorus.exe (ID: 1728 |ParentID: 676)
C:\Windows\system32\Dwm.exe (ID: 2068 |ParentID: 1076)
C:\Windows\Explorer.EXE (ID: 2108 |ParentID: 584)
C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe (ID: 2144 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2208 |ParentID: 676)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2336 |ParentID: 2208)
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 2464 |ParentID: 1716)
C:\Windows\system32\taskhost.exe (ID: 2644 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 2968 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 2988 |ParentID: 676)
C:\Windows\system32\taskeng.exe (ID: 3176 |ParentID: 1172)
C:\Windows\System32\hkcmd.exe (ID: 3188 |ParentID: 2108)
C:\Windows\System32\igfxpers.exe (ID: 3220 |ParentID: 2108)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3228 |ParentID: 2108)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3236 |ParentID: 2108)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 3252 |ParentID: 2108)
C:\Program Files\CyberLink\YouCam\YouCamTray.exe (ID: 3316 |ParentID: 2108)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3336 |ParentID: 2108)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3352 |ParentID: 2108)
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe (ID: 3380 |ParentID: 2108)
C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe (ID: 3388 |ParentID: 2108)
C:\Program Files\Nimbuzz\Nimbuzz.exe (ID: 3408 |ParentID: 2108)
C:\Windows\system32\taskeng.exe (ID: 3484 |ParentID: 1172)
C:\Program Files\DealPlyLive\Update\DealPlyLive.exe (ID: 3508 |ParentID: 3176)
C:\Windows\System32\WUDFHost.exe (ID: 3584 |ParentID: 1076)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3596 |ParentID: 2108)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3612 |ParentID: 2108)
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (ID: 3896 |ParentID: 3484)
C:\Windows\system32\taskeng.exe (ID: 3984 |ParentID: 1172)
C:\Program Files\Skype\Phone\Skype.exe (ID: 1832 |ParentID: 2108)
C:\Windows\system32\svchost.exe (ID: 2716 |ParentID: 676)
C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 2864 |ParentID: 2108)
C:\Windows\system32\Rundll32.exe (ID: 3756 |ParentID: 3984)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4072 |ParentID: 3228)
C:\Windows\system32\SearchIndexer.exe (ID: 4016 |ParentID: 676)
C:\Program Files\Optimizer Pro\OptProSmartScan.exe (ID: 3556 |ParentID: 1092)
C:\Program Files\Optimizer Pro\OptProReminder.exe (ID: 3952 |ParentID: 1092)
C:\Windows\System32\wscript.exe (ID: 4152 |ParentID: 2108)
C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe (ID: 4432 |ParentID: 2108)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 4516 |ParentID: 3596)
C:\Windows\system32\SearchProtocolHost.exe (ID: 4612 |ParentID: 4016)
C:\Windows\System32\svchost.exe (ID: 4760 |ParentID: 676)
C:\Windows\system32\SearchFilterHost.exe (ID: 4776 |ParentID: 4016)
C:\Program Files\RelevantKnowledge\rlvknlg.exe (ID: 5108 |ParentID: 1884)
C:\Users\compurama\AppData\Local\FilesFrog Update Checker\update_checker.exe (ID: 5364 |ParentID: 3484)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4064 |ParentID: 848)
C:\Windows\system32\wbem\unsecapp.exe (ID: 4860 |ParentID: 848)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4460 |ParentID: 676)
C:\PROGRA~1\RELEVA~1\rlvknlg32.exe (ID: 4272 |ParentID: 2592)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 752 |ParentID: 848)
C:\Windows\System32\svchost.exe (ID: 4120 |ParentID: 676)
C:\Windows\system32\igfxsrvc.exe (ID: 268 |ParentID: 848)
C:\UsbFix\Go.exe (ID: 5000 |ParentID: 4688)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
04 - HKLM\SOFTWARE | Run : [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_43] -
04 - HKLM\SOFTWARE | Run : [MyStart Anti-phishing Domain Advisor] - "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE | Run : [FrameFox Extensions] - C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Nimbuzz] - C:\Program Files\Nimbuzz\Nimbuzz.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [DriverScanner] - "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify] - "C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Viber] - "C:\Users\compurama\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\system32\Rundll32.exe" "C:\Users\compurama\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Intel(R)Service] - wscript.exe //B "C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe startup
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Found ! C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Found ! C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Found ! E:\Intel(R)Service.vbs
Found ! G:\Intel(R)Service.vbs
Found ! H:\Intel(R)Service.vbs
Found ! G:\.lnk
Found ! G:\Progress report 4 fab.lnk
Found ! G:\CD3 hab cohort2 20130409.lnk
Found ! G:\comments on papers.lnk
Found ! G:\Notions d'éléctricité.lnk
Found ! G:\Desmedt 2012.lnk
Found ! G:\~$Reward pathways-1.lnk
Found ! G:\Herry_et_al_10 Neuronal circuits of fear extinction.lnk
Found ! G:\obes_addict_less2013Cota.lnk
Found ! G:\~$Fanselow and Maren 1995.lnk
Found ! G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.lnk
Found ! G:\Memory Consolidation.lnk
Found ! G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.lnk
Found ! G:\Selective erasure of a fear memory Josselyn 2009.lnk
Found ! G:\FC enhances different temporal components of Tone-Evoked spike.lnk
Found ! G:\Creating a false memory in the hippocampus.lnk
Found ! G:\~$Creating a false memory in the hippocampus.lnk
Found ! G:\Early Tagging of Cortical Networks Bontempi.lnk
Found ! G:\Antidepressants spampinato.lnk
Found ! G:\~$FC enhances different temporal components of Tone-Evoked spike.lnk
Found ! G:\~$Progress report 4 fab.lnk
Found ! G:\Postsynaptic receptor trafficking underly a form of associative memory.lnk
Found ! G:\Neuronal circuits of contextual fear discrimination.lnk
Found ! G:\Rob graph.lnk
Found ! H:\.lnk
Found ! H:\lab meeting 27 05 13.lnk
Found ! H:\~$lab meeting 27 05 13.lnk
Found ! H:\~$Epigenetic regulation of memory formation and maintenance.lnk
Found ! H:\filesystem
Found ! H:\ice
Found ! H:\PRVA
Found ! H:\R
################## | Reference of comparison MD5 |
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
################## | Comparison MD5 |
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Local\Temp\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Found ! Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
################## | Registry |
Found ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Bonsoir
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
# Double clic sur UsbFix (pour les utilisateurs de windows Vista , windows 7 , windows 8) , clique droit => exécuter en tant qu'administrateur"
# Choisis Suppression
# Ton bureau disparaîtra et le pc redémarrera.
# Au redémarrage, UsbFix scannera ton pc, laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
@+
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
# Double clic sur UsbFix (pour les utilisateurs de windows Vista , windows 7 , windows 8) , clique droit => exécuter en tant qu'administrateur"
# Choisis Suppression
# Ton bureau disparaîtra et le pc redémarrera.
# Au redémarrage, UsbFix scannera ton pc, laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
@+
Voila Ca serait possible de recuperer les fichiers sur mes clés?
############################## | UsbFix V 7.152 | [Deletion]
User: compurama (Administrator) # COMPURAMA-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 18:35:59 | 01/12/2013
Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 2999 | Free : 1706]
Bios: INSYDE
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 18.0.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 443 Gb (306 Mb free - 69%) [TI105322W0F] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 95%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 94%) [SUZANA] # FAT
H:\ -> Removable drive # 1007 Mb (94 Mb free - 9%) [] # FAT
################## | Stopped processes |
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1460 |ParentID: 676)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3352 |ParentID: 2108)
Stopped! C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 5992 |ParentID: 676)
Stopped! C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 5336 |ParentID: 5992)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5804 |ParentID: 1076)
Stopped! C:\Windows\System32\rundll32.exe (ID: 4500 |ParentID: 848)
Stopped! C:\Program Files\glindorus\updateglindorus.exe (ID: 4584 |ParentID: 676)
Stopped! C:\Program Files\glindorus\bin\utilglindorus.exe (ID: 4676 |ParentID: 676)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 6084 |ParentID: 676)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1880 |ParentID: 6084)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2800 |ParentID: 676)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2644 |ParentID: 676)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1736 |ParentID: 676)
Stopped! C:\Windows\Explorer.exe (ID: 4312 |ParentID: 5000)
Stopped! C:\Windows\system32\NOTEPAD.EXE (ID: 1024 |ParentID: 5000)
Stopped! C:\Windows\system32\DllHost.exe (ID: 5260 |ParentID: 848)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
04 - HKLM\SOFTWARE | Run : [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_43] -
04 - HKLM\SOFTWARE | Run : [MyStart Anti-phishing Domain Advisor] - "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE | Run : [FrameFox Extensions] - C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Nimbuzz] - C:\Program Files\Nimbuzz\Nimbuzz.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [DriverScanner] - "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify] - "C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Viber] - "C:\Users\compurama\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\system32\Rundll32.exe" "C:\Users\compurama\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Intel(R)Service] - wscript.exe //B "C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe startup
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Deleted ! C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Deleted ! C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Deleted ! E:\Intel(R)Service.vbs
Deleted ! G:\Intel(R)Service.vbs
Deleted ! H:\Intel(R)Service.vbs
Deleted ! G:\.lnk
Deleted ! G:\Progress report 4 fab.lnk
Deleted ! G:\CD3 hab cohort2 20130409.lnk
Deleted ! G:\comments on papers.lnk
Deleted ! G:\Notions d'éléctricité.lnk
Deleted ! G:\Desmedt 2012.lnk
Deleted ! G:\~$Reward pathways-1.lnk
Deleted ! G:\Herry_et_al_10 Neuronal circuits of fear extinction.lnk
Deleted ! G:\obes_addict_less2013Cota.lnk
Deleted ! G:\~$Fanselow and Maren 1995.lnk
Deleted ! G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.lnk
Deleted ! G:\Memory Consolidation.lnk
Deleted ! G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.lnk
Deleted ! G:\Selective erasure of a fear memory Josselyn 2009.lnk
Deleted ! G:\FC enhances different temporal components of Tone-Evoked spike.lnk
Deleted ! G:\Creating a false memory in the hippocampus.lnk
Deleted ! G:\~$Creating a false memory in the hippocampus.lnk
Deleted ! G:\Early Tagging of Cortical Networks Bontempi.lnk
Deleted ! G:\Antidepressants spampinato.lnk
Deleted ! G:\~$FC enhances different temporal components of Tone-Evoked spike.lnk
Deleted ! G:\~$Progress report 4 fab.lnk
Deleted ! G:\Postsynaptic receptor trafficking underly a form of associative memory.lnk
Deleted ! G:\Neuronal circuits of contextual fear discrimination.lnk
Deleted ! G:\Rob graph.lnk
Deleted ! H:\.lnk
Deleted ! H:\lab meeting 27 05 13.lnk
Deleted ! H:\~$lab meeting 27 05 13.lnk
Deleted ! H:\~$Epigenetic regulation of memory formation and maintenance.lnk
Deleted ! H:\filesystem
Deleted ! H:\ice
Deleted ! H:\PRVA
Deleted ! H:\R
(!) Temporary files deleted.
################## | Reference of comparison MD5 |
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
################## | Comparison MD5 |
################## | Registry |
Deleted ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
Deleted ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\.\.\.\.\Mountpoints2\{3ca5d11e-f5f2-11e1-9c80-00266c487db7}
################## | Listing |
[28/07/2012 - 13:52:36 | SHD ] C:\$Recycle.Bin
[26/05/2013 - 14:32:04 | D ] C:\20130521
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[17/04/2013 - 07:50:52 | D ] C:\Biblioscape 8
[12/12/2009 - 23:02:14 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[12/12/2009 - 23:02:15 | RASH | 8192] C:\BOOTSECT.BAK
[24/11/2013 - 13:28:50 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[01/12/2013 - 17:45:06 | ASH | 2358386688] C:\hiberfil.sys
[04/06/2010 - 02:35:26 | D ] C:\Intel
[22/12/2012 - 08:21:48 | N | 0] C:\IO.SYS
[22/12/2012 - 08:21:48 | N | 0] C:\MSDOS.SYS
[04/06/2010 - 02:22:54 | RHD ] C:\MSOCache
[01/12/2013 - 17:45:08 | ASH | 3144519680] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[26/11/2013 - 19:09:11 | D ] C:\Program Files
[28/07/2012 - 13:10:13 | D ] C:\Program Files (x86)
[26/11/2013 - 19:13:57 | HD ] C:\ProgramData
[28/07/2012 - 13:49:30 | SHD ] C:\Recovery
[20/10/2013 - 10:47:33 | D ] C:\SearchProtect
[29/11/2013 - 08:52:53 | SHD ] C:\System Volume Information
[01/12/2013 - 19:09:06 | D ] C:\UsbFix
[01/12/2013 - 19:10:04 | A | 10914] C:\UsbFix [Clean 1] COMPURAMA-PC.txt
[01/12/2013 - 16:55:52 | N | 7584] C:\UsbFix [Scan 1] COMPURAMA-PC.txt
[01/12/2013 - 17:03:09 | N | 11549] C:\UsbFix [Scan 2] COMPURAMA-PC.txt
[01/12/2013 - 17:47:45 | N | 6530] C:\UsbFix [Scan 3] COMPURAMA-PC.txt
[01/12/2013 - 18:27:29 | N | 14257] C:\UsbFix [Scan 4] COMPURAMA-PC.txt
[05/02/2012 - 09:30:12 | N | 237] C:\user.js
[03/09/2012 - 19:04:55 | RD ] C:\Users
[28/07/2012 - 13:50:28 | N | 171136] C:\w7ldr
[19/10/2013 - 07:14:52 | D ] C:\Windows
[29/07/2012 - 00:15:21 | D ] C:\Windows.old
[04/09/2013 - 12:16:54 | HD ] E:\.Trashes
[04/09/2013 - 12:16:56 | HD ] E:\.Spotlight-V100
[23/09/2013 - 17:46:12 | D ] E:\Pharmaco
[17/09/2013 - 21:42:54 | D ] E:\Addictology
[23/09/2013 - 17:47:52 | D ] E:\Neurosciences cognitives
[26/03/2013 - 19:21:16 | D ] E:\P&N
[09/10/2013 - 11:32:50 | D ] E:\Connaissance de l'entreprise
[04/07/2012 - 16:45:24 | SH | 4096] G:\._.Trashes
[10/06/2013 - 15:26:36 | N | 1984835] G:\Progress report 4 fab.pptx
[04/07/2012 - 16:45:24 | HD ] G:\.Trashes
[13/06/2013 - 11:20:52 | D ] G:\M1 internship
[04/07/2012 - 16:45:24 | HD ] G:\.Spotlight-V100
[10/06/2013 - 19:24:40 | D ] G:\dokumenty
[04/09/2013 - 16:40:14 | N | 31744] G:\CD3 hab cohort2 20130409.xls
[14/06/2013 - 10:32:36 | D ] G:\Auditory-Evoked Spike Firing in the Lateral amygdala bias or memory (Maren)
[13/08/2013 - 12:38:20 | D ] G:\Data ArchT in PL and fibers in BLA
[13/08/2013 - 16:06:50 | N | 16288] G:\comments on papers.docx
[02/07/2013 - 15:48:02 | N | 291869] G:\Notions d'éléctricité.pdf
[01/10/2013 - 14:45:58 | N | 347007] G:\Desmedt 2012.pptx
[17/09/2013 - 21:42:54 | D ] G:\lectures
[09/07/2013 - 09:48:08 | N | 165] G:\~$Reward pathways-1.pptx
[13/08/2013 - 16:28:30 | N | 442716] G:\Herry_et_al_10 Neuronal circuits of fear extinction.pdf
[29/10/2013 - 09:41:08 | D ] G:\Preprojet M2
[20/06/2013 - 14:03:00 | D ] G:\Neurons in medial prefrontal cortex signal memory for fear extinction (Milard & Quirk 2002)
[19/09/2012 - 16:01:20 | N | 261517] G:\obes_addict_less2013Cota.pdf
[20/08/2013 - 14:05:08 | N | 165] G:\~$Fanselow and Maren 1995.pptx
[16/09/2013 - 22:40:52 | N | 280599] G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.pptx
[13/08/2013 - 12:22:14 | D ] G:\Internally generated cell assembly sequences in the rat hippocampus Buzsaki
[01/07/2013 - 17:08:06 | D ] G:\Context-Dependent Neuronal Activity in the Lateral Amygdala Represents Fear Memories after Extinction (Maren 2003)
[13/08/2013 - 12:28:36 | D ] G:\Discrete Coding of Reward Probability and Uncertainty by DA neurons (Schultz) 2003
[26/08/2013 - 16:27:00 | D ] G:\Encoding of conditioned fear in central amygdala inhibitory circuits
[13/08/2013 - 12:30:14 | D ] G:\Prefrontal microcircuit underlies contextual learning after hippocampal loss Fanselow
[22/10/2013 - 11:12:00 | N | 1173503] G:\Memory Consolidation.pptx
[20/08/2013 - 13:26:40 | D ] G:\Synaptic Plasticity in the Basolateral Amygdala induced by Hippocampal Formation Stimulation in vivo Fanselow and Maren 1995
[03/09/2013 - 14:05:18 | N | 623578] G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.pptx
[10/09/2013 - 13:54:22 | N | 1609426] G:\Selective erasure of a fear memory Josselyn 2009.pptx
[24/09/2013 - 14:53:50 | N | 319835] G:\FC enhances different temporal components of Tone-Evoked spike.pptx
[08/10/2013 - 11:54:44 | N | 2018897] G:\Creating a false memory in the hippocampus.pptx
[08/10/2013 - 13:53:00 | N | 165] G:\~$Creating a false memory in the hippocampus.pptx
[29/10/2013 - 09:21:10 | N | 401131] G:\Early Tagging of Cortical Networks Bontempi.pptx
[28/10/2013 - 12:41:54 | N | 25609] G:\Antidepressants spampinato.docx
[02/11/2013 - 15:53:24 | N | 165] G:\~$FC enhances different temporal components of Tone-Evoked spike.pptx
[03/11/2013 - 16:11:22 | N | 165] G:\~$Progress report 4 fab.pptx
[04/11/2013 - 21:51:42 | N | 1678403] G:\Postsynaptic receptor trafficking underly a form of associative memory.pptx
[03/11/2013 - 22:14:50 | N | 224516] G:\Neuronal circuits of contextual fear discrimination.docx
[05/11/2013 - 14:16:24 | N | 39642] G:\Rob graph.pdf
[15/11/2013 - 08:52:14 | N | 133] G:\.~lock.Early Tagging of Cortical Networks Bontempi.pptx#
[08/10/2010 - 21:03:40 | D ] H:\S3
[27/05/2013 - 15:03:18 | N | 194186] H:\lab meeting 27 05 13.pptx
[26/01/2013 - 08:13:28 | D ] H:\FOUND.001
[02/04/2012 - 12:06:58 | D ] H:\.fseventsd
[26/03/2012 - 16:55:16 | D ] H:\BIOINF
[06/07/2010 - 21:44:58 | D ] H:\2010-07-06
[11/08/2009 - 11:25:00 | D ] H:\FOUND.000
[18/03/2010 - 15:20:16 | D ] H:\Recycled
[19/03/2012 - 16:27:36 | D ] H:\TP
[21/01/2011 - 10:37:18 | D ] H:\izbrojim
[25/01/2012 - 20:48:50 | D ] H:\animal models used to study obesity
[31/01/2013 - 22:01:06 | D ] H:\IRD
[08/10/2010 - 09:46:56 | SH | 4096] H:\._.Trashes
[08/10/2010 - 09:46:56 | HD ] H:\.Trashes
[06/10/2012 - 21:41:52 | D ] H:\AEB STAT
[08/10/2010 - 09:46:56 | HD ] H:\.Spotlight-V100
[08/10/2010 - 09:47:02 | N | 4096] H:\._Présentation.ppt
[27/05/2013 - 11:56:24 | N | 165] H:\~$lab meeting 27 05 13.pptx
[20/11/2013 - 07:25:38 | D ] H:\New folder
[03/05/2011 - 18:33:28 | N | 89] H:\.~lock.L2 new 2011.ppt#
[06/02/2012 - 12:11:44 | N | 133] H:\.~lock.New Texte OpenDocument (2).odt#
[27/04/2011 - 11:29:52 | N | 89] H:\.~lock.le_muscle.ppt#
[09/02/2012 - 00:56:52 | N | 4096] H:\._phyA thermoregulation 1.m4a
[08/03/2012 - 18:32:58 | N | 133] H:\.~lock.COMP SEXUEL.odt#
[01/03/2013 - 09:04:42 | D ] H:\td3 nargeot
[06/04/2012 - 12:34:20 | D ] H:\2012_04_06_12_33_04
[13/04/2012 - 12:16:06 | D ] H:\2012_04_13_12_15_12
[21/01/2013 - 17:06:24 | N | 4096] H:\._aprem avec les folles .fpbf
[26/01/2013 - 09:27:10 | N | 133] H:\.~lock.Boubakar cours 2.docx#
[26/01/2013 - 13:48:16 | N | 133] H:\.~lock.activité motrice posturale.docx#
[11/02/2013 - 10:16:00 | N | 165] H:\~$Epigenetic regulation of memory formation and maintenance.pptx
[05/03/2013 - 13:48:18 | N | 133] H:\.~lock.Sérotonine.docx#
[25/02/2013 - 07:59:08 | D ] H:\PNI td1 nargeot
################## | Vaccin |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
############################## | UsbFix V 7.152 | [Deletion]
User: compurama (Administrator) # COMPURAMA-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 18:35:59 | 01/12/2013
Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: TOSHIBA (Portable PC)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 2999 | Free : 1706]
Bios: INSYDE
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 18.0.2
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 443 Gb (306 Mb free - 69%) [TI105322W0F] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 95%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Removable drive # 2 Gb (2 Mb free - 94%) [SUZANA] # FAT
H:\ -> Removable drive # 1007 Mb (94 Mb free - 9%) [] # FAT
################## | Stopped processes |
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1460 |ParentID: 676)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3352 |ParentID: 2108)
Stopped! C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 5992 |ParentID: 676)
Stopped! C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (ID: 5336 |ParentID: 5992)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 5804 |ParentID: 1076)
Stopped! C:\Windows\System32\rundll32.exe (ID: 4500 |ParentID: 848)
Stopped! C:\Program Files\glindorus\updateglindorus.exe (ID: 4584 |ParentID: 676)
Stopped! C:\Program Files\glindorus\bin\utilglindorus.exe (ID: 4676 |ParentID: 676)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 6084 |ParentID: 676)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1880 |ParentID: 6084)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2800 |ParentID: 676)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2644 |ParentID: 676)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1736 |ParentID: 676)
Stopped! C:\Windows\Explorer.exe (ID: 4312 |ParentID: 5000)
Stopped! C:\Windows\system32\NOTEPAD.EXE (ID: 1024 |ParentID: 5000)
Stopped! C:\Windows\system32\DllHost.exe (ID: 5260 |ParentID: 848)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
04 - HKLM\SOFTWARE | Run : [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [tuto4pc_fr_43] -
04 - HKLM\SOFTWARE | Run : [MyStart Anti-phishing Domain Advisor] - "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
04 - HKLM\SOFTWARE | Run : [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
04 - HKLM\SOFTWARE | Run : [FrameFox Extensions] - C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Nimbuzz] - C:\Program Files\Nimbuzz\Nimbuzz.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [DriverScanner] - "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify] - "C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Viber] - "C:\Users\compurama\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [BackgroundContainer] - "C:\Windows\system32\Rundll32.exe" "C:\Users\compurama\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Intel(R)Service] - wscript.exe //B "C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs"
04 - HKU\S-1-5-21-1296205293-2209527227-45657569-1000\SOFTWARE | Run : [Browser Infrastructure Helper] - C:\Users\compurama\AppData\Local\Smartbar\Application\Smartbar.exe startup
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Deleted ! C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Deleted ! C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Deleted ! E:\Intel(R)Service.vbs
Deleted ! G:\Intel(R)Service.vbs
Deleted ! H:\Intel(R)Service.vbs
Deleted ! G:\.lnk
Deleted ! G:\Progress report 4 fab.lnk
Deleted ! G:\CD3 hab cohort2 20130409.lnk
Deleted ! G:\comments on papers.lnk
Deleted ! G:\Notions d'éléctricité.lnk
Deleted ! G:\Desmedt 2012.lnk
Deleted ! G:\~$Reward pathways-1.lnk
Deleted ! G:\Herry_et_al_10 Neuronal circuits of fear extinction.lnk
Deleted ! G:\obes_addict_less2013Cota.lnk
Deleted ! G:\~$Fanselow and Maren 1995.lnk
Deleted ! G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.lnk
Deleted ! G:\Memory Consolidation.lnk
Deleted ! G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.lnk
Deleted ! G:\Selective erasure of a fear memory Josselyn 2009.lnk
Deleted ! G:\FC enhances different temporal components of Tone-Evoked spike.lnk
Deleted ! G:\Creating a false memory in the hippocampus.lnk
Deleted ! G:\~$Creating a false memory in the hippocampus.lnk
Deleted ! G:\Early Tagging of Cortical Networks Bontempi.lnk
Deleted ! G:\Antidepressants spampinato.lnk
Deleted ! G:\~$FC enhances different temporal components of Tone-Evoked spike.lnk
Deleted ! G:\~$Progress report 4 fab.lnk
Deleted ! G:\Postsynaptic receptor trafficking underly a form of associative memory.lnk
Deleted ! G:\Neuronal circuits of contextual fear discrimination.lnk
Deleted ! G:\Rob graph.lnk
Deleted ! H:\.lnk
Deleted ! H:\lab meeting 27 05 13.lnk
Deleted ! H:\~$lab meeting 27 05 13.lnk
Deleted ! H:\~$Epigenetic regulation of memory formation and maintenance.lnk
Deleted ! H:\filesystem
Deleted ! H:\ice
Deleted ! H:\PRVA
Deleted ! H:\R
(!) Temporary files deleted.
################## | Reference of comparison MD5 |
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\COMPUR~1\AppData\Local\Temp\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> E:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> G:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> H:\Intel(R)Service.vbs
Md5 : 0432EA5E5D3D9897407715AC9A743ECC -> C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Service.vbs
################## | Comparison MD5 |
################## | Registry |
Deleted ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)Service
Deleted ! HKU\S-1-5-21-1296205293-2209527227-45657569-1000\Software\.\.\.\.\Mountpoints2\{3ca5d11e-f5f2-11e1-9c80-00266c487db7}
################## | Listing |
[28/07/2012 - 13:52:36 | SHD ] C:\$Recycle.Bin
[26/05/2013 - 14:32:04 | D ] C:\20130521
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[17/04/2013 - 07:50:52 | D ] C:\Biblioscape 8
[12/12/2009 - 23:02:14 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[12/12/2009 - 23:02:15 | RASH | 8192] C:\BOOTSECT.BAK
[24/11/2013 - 13:28:50 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[01/12/2013 - 17:45:06 | ASH | 2358386688] C:\hiberfil.sys
[04/06/2010 - 02:35:26 | D ] C:\Intel
[22/12/2012 - 08:21:48 | N | 0] C:\IO.SYS
[22/12/2012 - 08:21:48 | N | 0] C:\MSDOS.SYS
[04/06/2010 - 02:22:54 | RHD ] C:\MSOCache
[01/12/2013 - 17:45:08 | ASH | 3144519680] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[26/11/2013 - 19:09:11 | D ] C:\Program Files
[28/07/2012 - 13:10:13 | D ] C:\Program Files (x86)
[26/11/2013 - 19:13:57 | HD ] C:\ProgramData
[28/07/2012 - 13:49:30 | SHD ] C:\Recovery
[20/10/2013 - 10:47:33 | D ] C:\SearchProtect
[29/11/2013 - 08:52:53 | SHD ] C:\System Volume Information
[01/12/2013 - 19:09:06 | D ] C:\UsbFix
[01/12/2013 - 19:10:04 | A | 10914] C:\UsbFix [Clean 1] COMPURAMA-PC.txt
[01/12/2013 - 16:55:52 | N | 7584] C:\UsbFix [Scan 1] COMPURAMA-PC.txt
[01/12/2013 - 17:03:09 | N | 11549] C:\UsbFix [Scan 2] COMPURAMA-PC.txt
[01/12/2013 - 17:47:45 | N | 6530] C:\UsbFix [Scan 3] COMPURAMA-PC.txt
[01/12/2013 - 18:27:29 | N | 14257] C:\UsbFix [Scan 4] COMPURAMA-PC.txt
[05/02/2012 - 09:30:12 | N | 237] C:\user.js
[03/09/2012 - 19:04:55 | RD ] C:\Users
[28/07/2012 - 13:50:28 | N | 171136] C:\w7ldr
[19/10/2013 - 07:14:52 | D ] C:\Windows
[29/07/2012 - 00:15:21 | D ] C:\Windows.old
[04/09/2013 - 12:16:54 | HD ] E:\.Trashes
[04/09/2013 - 12:16:56 | HD ] E:\.Spotlight-V100
[23/09/2013 - 17:46:12 | D ] E:\Pharmaco
[17/09/2013 - 21:42:54 | D ] E:\Addictology
[23/09/2013 - 17:47:52 | D ] E:\Neurosciences cognitives
[26/03/2013 - 19:21:16 | D ] E:\P&N
[09/10/2013 - 11:32:50 | D ] E:\Connaissance de l'entreprise
[04/07/2012 - 16:45:24 | SH | 4096] G:\._.Trashes
[10/06/2013 - 15:26:36 | N | 1984835] G:\Progress report 4 fab.pptx
[04/07/2012 - 16:45:24 | HD ] G:\.Trashes
[13/06/2013 - 11:20:52 | D ] G:\M1 internship
[04/07/2012 - 16:45:24 | HD ] G:\.Spotlight-V100
[10/06/2013 - 19:24:40 | D ] G:\dokumenty
[04/09/2013 - 16:40:14 | N | 31744] G:\CD3 hab cohort2 20130409.xls
[14/06/2013 - 10:32:36 | D ] G:\Auditory-Evoked Spike Firing in the Lateral amygdala bias or memory (Maren)
[13/08/2013 - 12:38:20 | D ] G:\Data ArchT in PL and fibers in BLA
[13/08/2013 - 16:06:50 | N | 16288] G:\comments on papers.docx
[02/07/2013 - 15:48:02 | N | 291869] G:\Notions d'éléctricité.pdf
[01/10/2013 - 14:45:58 | N | 347007] G:\Desmedt 2012.pptx
[17/09/2013 - 21:42:54 | D ] G:\lectures
[09/07/2013 - 09:48:08 | N | 165] G:\~$Reward pathways-1.pptx
[13/08/2013 - 16:28:30 | N | 442716] G:\Herry_et_al_10 Neuronal circuits of fear extinction.pdf
[29/10/2013 - 09:41:08 | D ] G:\Preprojet M2
[20/06/2013 - 14:03:00 | D ] G:\Neurons in medial prefrontal cortex signal memory for fear extinction (Milard & Quirk 2002)
[19/09/2012 - 16:01:20 | N | 261517] G:\obes_addict_less2013Cota.pdf
[20/08/2013 - 14:05:08 | N | 165] G:\~$Fanselow and Maren 1995.pptx
[16/09/2013 - 22:40:52 | N | 280599] G:\Fear Conditioning Enhances Short-Latency Auditory Responses of Lateral.pptx
[13/08/2013 - 12:22:14 | D ] G:\Internally generated cell assembly sequences in the rat hippocampus Buzsaki
[01/07/2013 - 17:08:06 | D ] G:\Context-Dependent Neuronal Activity in the Lateral Amygdala Represents Fear Memories after Extinction (Maren 2003)
[13/08/2013 - 12:28:36 | D ] G:\Discrete Coding of Reward Probability and Uncertainty by DA neurons (Schultz) 2003
[26/08/2013 - 16:27:00 | D ] G:\Encoding of conditioned fear in central amygdala inhibitory circuits
[13/08/2013 - 12:30:14 | D ] G:\Prefrontal microcircuit underlies contextual learning after hippocampal loss Fanselow
[22/10/2013 - 11:12:00 | N | 1173503] G:\Memory Consolidation.pptx
[20/08/2013 - 13:26:40 | D ] G:\Synaptic Plasticity in the Basolateral Amygdala induced by Hippocampal Formation Stimulation in vivo Fanselow and Maren 1995
[03/09/2013 - 14:05:18 | N | 623578] G:\Spatial learning depends on both the addition and removal of new hippocampal neurons.pptx
[10/09/2013 - 13:54:22 | N | 1609426] G:\Selective erasure of a fear memory Josselyn 2009.pptx
[24/09/2013 - 14:53:50 | N | 319835] G:\FC enhances different temporal components of Tone-Evoked spike.pptx
[08/10/2013 - 11:54:44 | N | 2018897] G:\Creating a false memory in the hippocampus.pptx
[08/10/2013 - 13:53:00 | N | 165] G:\~$Creating a false memory in the hippocampus.pptx
[29/10/2013 - 09:21:10 | N | 401131] G:\Early Tagging of Cortical Networks Bontempi.pptx
[28/10/2013 - 12:41:54 | N | 25609] G:\Antidepressants spampinato.docx
[02/11/2013 - 15:53:24 | N | 165] G:\~$FC enhances different temporal components of Tone-Evoked spike.pptx
[03/11/2013 - 16:11:22 | N | 165] G:\~$Progress report 4 fab.pptx
[04/11/2013 - 21:51:42 | N | 1678403] G:\Postsynaptic receptor trafficking underly a form of associative memory.pptx
[03/11/2013 - 22:14:50 | N | 224516] G:\Neuronal circuits of contextual fear discrimination.docx
[05/11/2013 - 14:16:24 | N | 39642] G:\Rob graph.pdf
[15/11/2013 - 08:52:14 | N | 133] G:\.~lock.Early Tagging of Cortical Networks Bontempi.pptx#
[08/10/2010 - 21:03:40 | D ] H:\S3
[27/05/2013 - 15:03:18 | N | 194186] H:\lab meeting 27 05 13.pptx
[26/01/2013 - 08:13:28 | D ] H:\FOUND.001
[02/04/2012 - 12:06:58 | D ] H:\.fseventsd
[26/03/2012 - 16:55:16 | D ] H:\BIOINF
[06/07/2010 - 21:44:58 | D ] H:\2010-07-06
[11/08/2009 - 11:25:00 | D ] H:\FOUND.000
[18/03/2010 - 15:20:16 | D ] H:\Recycled
[19/03/2012 - 16:27:36 | D ] H:\TP
[21/01/2011 - 10:37:18 | D ] H:\izbrojim
[25/01/2012 - 20:48:50 | D ] H:\animal models used to study obesity
[31/01/2013 - 22:01:06 | D ] H:\IRD
[08/10/2010 - 09:46:56 | SH | 4096] H:\._.Trashes
[08/10/2010 - 09:46:56 | HD ] H:\.Trashes
[06/10/2012 - 21:41:52 | D ] H:\AEB STAT
[08/10/2010 - 09:46:56 | HD ] H:\.Spotlight-V100
[08/10/2010 - 09:47:02 | N | 4096] H:\._Présentation.ppt
[27/05/2013 - 11:56:24 | N | 165] H:\~$lab meeting 27 05 13.pptx
[20/11/2013 - 07:25:38 | D ] H:\New folder
[03/05/2011 - 18:33:28 | N | 89] H:\.~lock.L2 new 2011.ppt#
[06/02/2012 - 12:11:44 | N | 133] H:\.~lock.New Texte OpenDocument (2).odt#
[27/04/2011 - 11:29:52 | N | 89] H:\.~lock.le_muscle.ppt#
[09/02/2012 - 00:56:52 | N | 4096] H:\._phyA thermoregulation 1.m4a
[08/03/2012 - 18:32:58 | N | 133] H:\.~lock.COMP SEXUEL.odt#
[01/03/2013 - 09:04:42 | D ] H:\td3 nargeot
[06/04/2012 - 12:34:20 | D ] H:\2012_04_06_12_33_04
[13/04/2012 - 12:16:06 | D ] H:\2012_04_13_12_15_12
[21/01/2013 - 17:06:24 | N | 4096] H:\._aprem avec les folles .fpbf
[26/01/2013 - 09:27:10 | N | 133] H:\.~lock.Boubakar cours 2.docx#
[26/01/2013 - 13:48:16 | N | 133] H:\.~lock.activité motrice posturale.docx#
[11/02/2013 - 10:16:00 | N | 165] H:\~$Epigenetic regulation of memory formation and maintenance.pptx
[05/03/2013 - 13:48:18 | N | 133] H:\.~lock.Sérotonine.docx#
[25/02/2013 - 07:59:08 | D ] H:\PNI td1 nargeot
################## | Vaccin |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Re
je pense que tu as récupéré tes fichiers
On continue avec:
Télécharge Malwaresbytes anti malware ici
https://www.malwarebytes.com/
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(cela dis, il est très simple d'utilisation).
relance Malwaresbytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's. Sous Vista ;Seven ou Windows 8 (clic droit de la souris « exécuter en tant que administrateur »)
*Procèdes à une mise à jour
*Fais un examen dit "Rapide"
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "Afficher les résultats" " .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " supprimer la sélection " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)
@+
je pense que tu as récupéré tes fichiers
On continue avec:
Télécharge Malwaresbytes anti malware ici
https://www.malwarebytes.com/
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(cela dis, il est très simple d'utilisation).
relance Malwaresbytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's. Sous Vista ;Seven ou Windows 8 (clic droit de la souris « exécuter en tant que administrateur »)
*Procèdes à une mise à jour
*Fais un examen dit "Rapide"
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "Afficher les résultats" " .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " supprimer la sélection " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)
@+
