Recurring virus on USB key
Malza - Member, 3 posts
¡El Desaparecido! - Member, 1519 posts
Hello,
I have had viruses on my USB key many times, which I tried to remove with USBfix without producing a report or asking for help on a forum. The result is that the virus came back every time I plugged in my key, and I must have infected both my computers with it... So I am posting the nth thread on this problem!
In short, I would like to know: does USBfix clean both the PC and the removable drive, or only the removable drives? Can I treat my second PC with USBfix without plugging my key into it (and so without reinfecting it...)? (I am not sure I am being very clear ^^")
Here is the report obtained after the Search (Recherche) step; thank you in advance for your information:
############################## | UsbFix V 7.154 | [Recherche]
Utilisateur: tekere (Administrateur) # TEKERE-HP
Mis à jour le 13/12/2013 par El Desaparecido - Team SosVirus
Lancé à 16:52:06 | 16/12/2013
Site Web : https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3689 | Free : 1965]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 438 Go (374 Go libre(s) - 85%) [] # NTFS
D:\ -> Disque fixe # 23 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 27%) [HP_TOOLS] # FAT32
F:\ -> Disque amovible # 2 Go (388 Mo libre(s) - 20%) [CLÉ USB OCÉ] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 640 |ParentID: 628)
C:\Windows\system32\wininit.exe (ID: 708 |ParentID: 628)
C:\Windows\system32\csrss.exe (ID: 724 |ParentID: 700)
C:\Windows\system32\winlogon.exe (ID: 764 |ParentID: 700)
C:\Windows\system32\services.exe (ID: 812 |ParentID: 708)
C:\Windows\system32\lsass.exe (ID: 820 |ParentID: 708)
C:\Windows\system32\lsm.exe (ID: 828 |ParentID: 708)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 108 |ParentID: 812)
C:\Windows\system32\atiesrxx.exe (ID: 352 |ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 932 |ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1032 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 812)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 1152 |ParentID: 812)
C:\Windows\system32\Hpservice.exe (ID: 1440 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 1500 |ParentID: 812)
C:\Windows\system32\WLANExt.exe (ID: 1588 |ParentID: 1032)
C:\Windows\System32\spoolsv.exe (ID: 1676 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 1708 |ParentID: 812)
C:\Windows\system32\conhost.exe (ID: 1768 |ParentID: 640)
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (ID: 1812 |ParentID: 812)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1880 |ParentID: 812)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID: 1908 |ParentID: 812)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1936 |ParentID: 812)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 2028 |ParentID: 812)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1188 |ParentID: 812)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1432 |ParentID: 812)
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (ID: 1528 |ParentID: 812)
C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID: 1640 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 2056 |ParentID: 812)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 2116 |ParentID: 812)
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 2140 |ParentID: 812)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 2188 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 2324 |ParentID: 812)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2380 |ParentID: 812)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2732 |ParentID: 2380)
C:\Windows\system32\svchost.exe (ID: 2856 |ParentID: 812)
C:\Windows\system32\svchost.exe (ID: 2932 |ParentID: 812)
C:\Windows\system32\atieclxx.exe (ID: 3192 |ParentID: 352)
C:\Windows\system32\taskhost.exe (ID: 3580 |ParentID: 812)
C:\Windows\system32\Dwm.exe (ID: 3720 |ParentID: 1032)
C:\Windows\Explorer.EXE (ID: 3776 |ParentID: 3648)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2092 |ParentID: 3776)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 2372 |ParentID: 3776)
C:\Users\tekere\AppData\Roaming\SearchProtect\bin\cltmng.exe (ID: 3128 |ParentID: 3776)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 1020 |ParentID: 3776)
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (ID: 1684 |ParentID: 3140)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3920 |ParentID: 2092)
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 3860 |ParentID: 3140)
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 3972 |ParentID: 3140)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 3956 |ParentID: 3140)
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (ID: 3928 |ParentID: 3140)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4008 |ParentID: 3140)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 3992 |ParentID: 3140)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 1448 |ParentID: 3140)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 636 |ParentID: 812)
C:\PROGRA~2\AD-AWA~1\AdAware.exe (ID: 3944 |ParentID: 1812)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3968 |ParentID: 944)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4448 |ParentID: 944)
C:\Windows\system32\SearchIndexer.exe (ID: 4692 |ParentID: 812)
C:\Windows\SysWOW64\RunDll32.exe (ID: 4972 |ParentID: 1020)
C:\Windows\system32\taskeng.exe (ID: 5116 |ParentID: 1116)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 4112 |ParentID: 5116)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4368 |ParentID: 812)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 892 |ParentID: 944)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 4140 |ParentID: 812)
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (ID: 5396 |ParentID: 812)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 5456 |ParentID: 2344)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5440 |ParentID: 5456)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 628 |ParentID: 812)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 5744 |ParentID: 7000)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2948 |ParentID: 3776)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6952 |ParentID: 2948)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2780 |ParentID: 812)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4080 |ParentID: 2948)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1252 |ParentID: 2948)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6020 |ParentID: 2948)
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (ID: 2128 |ParentID: 3776)
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (ID: 5236 |ParentID: 2128)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6412 |ParentID: 2948)
C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (ID: 4680 |ParentID: 812)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6244 |ParentID: 2948)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6308 |ParentID: 2948)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5180 |ParentID: 2948)
C:\UsbFix\Go.exe (ID: 4688 |ParentID: 2052)
C:\Windows\system32\WUDFHost.exe (ID: 6192 |ParentID: 1032)
C:\Windows\System32\svchost.exe (ID: 5072 |ParentID: 812)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ID: 7264 |ParentID: 3956)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 7420 |ParentID: 1116)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
04 - HKLM\SOFTWARE | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\SOFTWARE | Run : [SearchProtect] - C:\Users\tekere\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\SOFTWARE | Run : [flashmemory] - wscript.exe //B "C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1001\SOFTWARE | Run : [SearchProtect] - C:\Users\Pelede\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1001\SOFTWARE | Run : [AVG-Secure-Search-Update_0913b] - C:\Users\Pelede\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 359b570fd3f647d3bd1fb56e712471b1-50c382a41fee6107e85512abbd5b388062d9a215 --CMPID 0913b
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-501\SOFTWARE | Run : [SearchProtect] - C:\Users\Invité\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Présent! F:\flashmemory.vbe
Présent! C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe
Présent! C:\Users\tekere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Présent! F:\.lnk
Présent! F:\WMPInfo.lnk
Présent! F:\gnadja.lnk
Présent! F:\RECYCLER.lnk
Présent! F:\BUDIM.lnk
Présent! F:\Oceane.lnk
Présent! F:\.Trashes.lnk
Présent! F:\.Spotlight-V100.lnk
Présent! F:\Autorun.inf.lnk
Présent! F:\.TemporaryItems.lnk
Présent! F:\.fseventsd.lnk
Présent! D:\desktop.ini
################## | Référence de comparaison MD5 |
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> F:\flashmemory.vbe
################## | Comparaison MD5 |
Présent! Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe
Présent! Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Présent! Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> F:\flashmemory.vbe
################## | Registre |
Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 1
Présent! HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
5 replies
How can I clean my second computer without connecting a removable drive to it? Can USBfix do that?
This is a question that comes up often; the answer is YES.
UsbFix cleans removable media (USB keys, SD cards, etc.) but also the computer, so that the infection is completely destroyed and cannot reinfect the media.
############################## | UsbFix V 7.154 | [Suppression]
Utilisateur: tekere (Administrateur) # TEKERE-HP
Mis à jour le 13/12/2013 par El Desaparecido - Team SosVirus
Lancé à 17:49:36 | 16/12/2013
Site Web : https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3689 | Free : 2085]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 438 Go (374 Go libre(s) - 85%) [] # NTFS
D:\ -> Disque fixe # 23 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 27%) [HP_TOOLS] # FAT32
F:\ -> Disque amovible # 2 Go (388 Mo libre(s) - 20%) [CLÉ USB OCÉ] # FAT32
################## | ByPass |
Stoppé! C:\Windows\system32\NOTEPAD.EXE (ID: 7832 |ParentID: 2896)
Stoppé! C:\Windows\Explorer.exe (ID: 2896 |ParentID: 4688 )
################## | Processus Stoppés |
Stoppé! C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 7944 |ParentID: 812)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 7224 |ParentID: 812)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 5224 |ParentID: 1032)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 7324 |ParentID: 944)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 548 |ParentID: 812)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 416 |ParentID: 548)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2824 |ParentID: 812)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6548 |ParentID: 812)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 5400 |ParentID: 812)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 5540 |ParentID: 812)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1172 |ParentID: 812)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 7252 |ParentID: 812)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1704 |ParentID: 2896)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1852 |ParentID: 1704)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1932 |ParentID: 1704)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2544 |ParentID: 1704)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 4000 |ParentID: 944)
Stoppé! C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (ID: 3568 |ParentID: 812)
Stoppé! C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 3280 |ParentID: 2896)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 3128 |ParentID: 944)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
04 - HKLM\SOFTWARE | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\SOFTWARE | Run : [SearchProtect] - C:\Users\tekere\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\SOFTWARE | Run : [flashmemory] - wscript.exe //B "C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe"
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1001\SOFTWARE | Run : [SearchProtect] - C:\Users\Pelede\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-1001\SOFTWARE | Run : [AVG-Secure-Search-Update_0913b] - C:\Users\Pelede\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 359b570fd3f647d3bd1fb56e712471b1-50c382a41fee6107e85512abbd5b388062d9a215 --CMPID 0913b
04 - HKU\S-1-5-21-1901667324-3712436195-3777335755-501\SOFTWARE | Run : [SearchProtect] - C:\Users\Invité\AppData\Roaming\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [SearchProtect] - \SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Supprimé! F:\flashmemory.vbe
Supprimé! C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe
Supprimé! C:\Users\tekere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Supprimé! F:\.lnk
Supprimé! F:\WMPInfo.lnk
Supprimé! F:\gnadja.lnk
Supprimé! F:\RECYCLER.lnk
Supprimé! F:\BUDIM.lnk
Supprimé! F:\Oceane.lnk
Supprimé! F:\.Trashes.lnk
Supprimé! F:\.Spotlight-V100.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! F:\.TemporaryItems.lnk
Supprimé! F:\.fseventsd.lnk
Supprimé! D:\desktop.ini
(!) Fichiers temporaires supprimés. (2 Ko)
################## | Référence de comparaison MD5 |
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flashmemory.vbe
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\tekere\AppData\Local\Temp\flashmemory.vbe
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> F:\flashmemory.vbe
################## | Comparaison MD5 |
-> Pas de valeur Md5 identique trouvée.
################## | Registre |
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|EnableShellExecuteHooks -> 0
Supprimé! HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\Software\Microsoft\Windows\CurrentVersion\Run|flashmemory
Supprimé! HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\Software\.\.\.\.\Mountpoints2\G
Supprimé! HKU\S-1-5-21-1901667324-3712436195-3777335755-1000\Software\.\.\.\.\Mountpoints2\{a725bc44-df03-11e2-be0c-642737c09842}
Supprimé! HKU\S-1-5-21-1901667324-3712436195-3777335755-1001\Software\.\.\.\.\Mountpoints2\{a725bc44-df03-11e2-be0c-642737c09842}
################## | Listing |
[16/12/2013 - 17:08:26 | N | 15 Ko] - C:\UsbFix [Scan 1] TEKERE-HP.txt
[16/12/2013 - 17:58:21 | A | 10 Ko] - C:\UsbFix [Clean 2] TEKERE-HP.txt
[14/12/2013 - 10:09:50 | ASH | 3777952 Ko] - C:\pagefile.sys
[14/12/2013 - 10:09:51 | ASH | 2833464 Ko] - C:\hiberfil.sys
[24/06/2013 - 02:01:15 | D] - C:\SYSTEM.SAV
[05/08/2013 - 17:25:01 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[21/11/2010 - 04:23:51 | RASH | 375 Ko] - C:\bootmgr
[23/10/2011 - 21:22:23 | SHD] - C:\boot
[03/02/2012 - 01:26:48 | D] - C:\HP
[24/06/2013 - 02:01:09 | SHD] - C:\Recovery
[26/06/2013 - 00:05:29 | N | 0 Ko] - C:\END
[26/06/2013 - 00:27:34 | D] - C:\$AVG
[05/08/2013 - 17:24:52 | D] - C:\Users
[13/10/2013 - 10:59:34 | D] - C:\6715ea7b1dea590106921162a530d0ac
[14/10/2013 - 06:45:49 | D] - C:\7632ad79533219f36a0811921904ce
[20/10/2013 - 16:00:46 | D] - C:\SearchProtect
[16/11/2013 - 22:20:38 | D] - C:\Program Files
[21/11/2013 - 15:53:52 | D] - C:\Windows
[21/11/2013 - 16:37:36 | HD] - C:\ProgramData
[12/12/2013 - 11:02:55 | D] - C:\Program Files (x86)
[13/12/2013 - 13:28:50 | D] - C:\SWSetup
[14/12/2013 - 09:46:26 | SHD] - C:\System Volume Information
[16/12/2013 - 17:57:43 | D] - C:\UsbFix
[07/04/2012 - 13:09:48 | N | 0 Ko] - D:\HPSF_Rep.txt
[16/12/2013 - 17:08:25 | RASHD] - D:\Autorun.inf
[05/04/2012 - 02:31:39 | N | 0 Ko] - D:\HP_WSD.dat
[08/01/2013 - 10:32:07 | SHD] - D:\$RECYCLE.BIN
[14/07/2009 - 19:39:00 | RASH | 375 Ko] - D:\bootmgr
[05/04/2012 - 02:52:11 | D] - D:\hp
[05/04/2012 - 02:52:11 | RASHD] - D:\boot
[05/04/2012 - 02:52:11 | RSHD] - D:\preload
[05/04/2012 - 02:52:11 | D] - D:\RM_Reserve
[05/04/2012 - 02:52:11 | D] - D:\FactoryUpdate
[24/06/2013 - 02:01:15 | RSD] - D:\recovery
[26/06/2013 - 17:10:46 | SHD] - D:\System Volume Information
[07/04/2012 - 14:09:52 | N | 0 Ko] - E:\HPSF_Rep.txt
[16/12/2013 - 17:08:26 | RASHD] - E:\Autorun.inf
[24/06/2013 - 03:03:54 | N | 0 Ko] - E:\HP_WSD.dat
[03/02/2012 - 01:34:04 | SHD] - E:\$RECYCLE.BIN
[04/06/2012 - 17:52:02 | D] - E:\FOUND.000
[13/12/2013 - 18:12:32 | D] - E:\Hewlett-Packard
[12/07/2011 - 03:48:52 | N | 0 Ko] - F:\WMPInfo.xml
[03/12/2010 - 19:13:36 | SH | 4 Ko] - F:\._.Trashes
[03/12/2010 - 19:13:36 | SHD] - F:\.Trashes
[02/03/2011 - 15:50:48 | SHD] - F:\.TemporaryItems
[02/03/2011 - 15:50:48 | SH | 4 Ko] - F:\._.TemporaryItems
[03/12/2010 - 19:13:36 | SHD] - F:\.Spotlight-V100
[16/12/2013 - 17:08:26 | RASHD] - F:\Autorun.inf
[28/11/2012 - 11:42:50 | SHD] - F:\.fseventsd
[24/10/2012 - 15:16:52 | D] - F:\BUDIM
[08/11/2012 - 14:16:54 | SHD] - F:\RECYCLER
[04/05/2013 - 18:51:50 | D] - F:\Oceane
[12/06/2013 - 01:01:24 | D] - F:\gnadja
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |