Shortcuts on my USB drive
LILI
Malekal_morte- Posts 184348 Registration date Status Moderator, Security contributor Last activity -
Hello,
I would like to know why the files on my USB drive have all turned into shortcuts and whether there is a solution for it. I have just come back from a photographer's, where I went to have my digital photos developed; he plugged my drive into his computer to process the photos, and when I got back and wanted to use it on my PC, the drive showed nothing but shortcuts. Plizz help me!
Below is my UsbFix report:
############################## | UsbFix V 7.159 | [Recherche]
Utilisateur: SOCIETE YAYA (Administrateur) # SOCIETEYAYA-HP
Mis à jour le 06/01/2014 par El Desaparecido - Team SosVirus
Lancé à 17:04:52 | 06/01/2014
Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: PEGATRON CORPORATION (2AE2)
CPU: Intel(R) Pentium(R) CPU G640T @ 2.40GHz
RAM -> [Total : 1932 Mo| Free : 414 Mo]
Bios: AMI
Boot: Normal boot
OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 449 Go (396 Go libre(s) - 88%) [OS] # NTFS
D:\ -> Disque fixe # 16 Go (2 Go libre(s) - 12%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 84%) [LILY] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 460 |ParentID: 448)
C:\Windows\system32\wininit.exe (ID: 536 |ParentID: 448)
C:\Windows\system32\csrss.exe (ID: 548 |ParentID: 528)
C:\Windows\system32\winlogon.exe (ID: 608 |ParentID: 528)
C:\Windows\system32\services.exe (ID: 656 |ParentID: 536)
C:\Windows\system32\lsass.exe (ID: 664 |ParentID: 536)
C:\Windows\system32\lsm.exe (ID: 676 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 872 |ParentID: 656)
C:\Windows\System32\svchost.exe (ID: 968 |ParentID: 656)
C:\Windows\System32\svchost.exe (ID: 352 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 488 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 448 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 1064 |ParentID: 656)
C:\Windows\System32\spoolsv.exe (ID: 1204 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 1240 |ParentID: 656)
C:\Windows\system32\taskhost.exe (ID: 1508 |ParentID: 656)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1664 |ParentID: 656)
C:\Windows\system32\Dwm.exe (ID: 1704 |ParentID: 352)
C:\Windows\Explorer.EXE (ID: 1728 |ParentID: 1684)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1964 |ParentID: 656)
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1076 |ParentID: 656)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID: 1532 |ParentID: 656)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID: 1724 |ParentID: 656)
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (ID: 1340 |ParentID: 1076)
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe (ID: 1820 |ParentID: 1076)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID: 1888 |ParentID: 1532)
C:\Windows\System32\svchost.exe (ID: 2056 |ParentID: 656)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2316 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 2384 |ParentID: 656)
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (ID: 2460 |ParentID: 656)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2540 |ParentID: 656)
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (ID: 2572 |ParentID: 656)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 2656 |ParentID: 656)
C:\Windows\system32\svchost.exe (ID: 2932 |ParentID: 656)
C:\Windows\System32\WUDFHost.exe (ID: 3084 |ParentID: 352)
C:\Windows\system32\svchost.exe (ID: 3260 |ParentID: 656)
C:\Windows\System32\hkcmd.exe (ID: 3456 |ParentID: 1728)
C:\Windows\System32\igfxpers.exe (ID: 3492 |ParentID: 1728)
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (ID: 3500 |ParentID: 1728)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3520 |ParentID: 1728)
C:\Program Files (x86)\QuickTime\qttask.exe (ID: 3812 |ParentID: 3664)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3840 |ParentID: 3664)
C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDico36.exe (ID: 3900 |ParentID: 3544)
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe (ID: 3188 |ParentID: 3628)
C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\RAC36.exe (ID: 2416 |ParentID: 3544)
C:\Windows\system32\SearchIndexer.exe (ID: 3680 |ParentID: 656)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3884 |ParentID: 656)
C:\Windows\System32\svchost.exe (ID: 3836 |ParentID: 656)
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (ID: 756 |ParentID: 656)
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (ID: 1548 |ParentID: 756)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 1852 |ParentID: 656)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 4840 |ParentID: 656)
C:\Windows\system32\wuauclt.exe (ID: 3448 |ParentID: 448)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 3432 |ParentID: 1520)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 4668 |ParentID: 1728)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3676 |ParentID: 4668)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 3856 |ParentID: 656)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingApp.exe (ID: 1436 |ParentID: 784)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingBar.exe (ID: 4408 |ParentID: 784)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingSurrogate.exe (ID: 4964 |ParentID: 784)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingSurrogate.exe (ID: 856 |ParentID: 784)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingSurrogate.exe (ID: 5020 |ParentID: 784)
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingSurrogate.exe (ID: 1588 |ParentID: 784)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 3752 |ParentID: 4668)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 11820 |ParentID: 784)
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (ID: 4980 |ParentID: 4668)
C:\Windows\system32\taskhost.exe (ID: 11440 |ParentID: 656)
C:\UsbFix\Go.exe (ID: 6460 |ParentID: 11484)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3240 |ParentID: 784)
################## | Regedit Run |
04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
04 - HKLM64\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [MediaDICO36] C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [iLivid] "C:\Users\SOCIETE YAYA\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
3 replies
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
04 - HKLM64\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [MediaDICO36] C:\Program Files (x86)\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2526687688-351129779-1123542728-1000\..\Run : [iLivid] "C:\Users\SOCIETE YAYA\AppData\Local\iLivid\iLivid.exe" -autorun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |