UsbFix.txt report: should I proceed with the deletion option?
Solved
Travis Bickle
Hello,
I discovered that my computer was infected with the Conficker virus. So I followed these instructions:
https://www.commentcamarche.net/faq/16710-comment-supprimer-le-virus-conficker-downadup-kido#preliminaire
And it seems to me that Conficker has been removed. The time has therefore come to disinfect my smartphone (an iPhone 4). As recommended, I am asking for your advice: should I indeed go ahead with the deletion option?
Here is the UsbFix.txt report I obtained, but first, my infinite thanks for your attention and your advice:
############################## | UsbFix V 7.159 | [Recherche]
Utilisateur: Travis (Administrateur) # NOM-W8KZ05N5F7S
Mis à jour le 06/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:25:01 | 09/01/2014
Site Web : https://www.usbfix.net/
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: ASUSTeK Computer INC. ('P4SD-LA')
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
RAM -> [Total : 511 Mo| Free : 297 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 6.0.2900.2180
WB: Mozilla Firefox : 26.0
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 145 Go (23 Go libre(s) - 16%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 4 Go (791 Mo libre(s) - 20%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
F:\ -> CD-ROM
################## | Processus Actif |
C:\WINDOWS\System32\smss.exe (ID: 460 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 556 |ParentID: 460)
C:\WINDOWS\system32\services.exe (ID: 600 |ParentID: 556)
C:\WINDOWS\system32\lsass.exe (ID: 612 |ParentID: 556)
C:\WINDOWS\system32\svchost.exe (ID: 760 |ParentID: 600)
C:\WINDOWS\System32\svchost.exe (ID: 884 |ParentID: 600)
C:\WINDOWS\system32\spoolsv.exe (ID: 1192 |ParentID: 600)
C:\WINDOWS\Explorer.EXE (ID: 1488 |ParentID: 1392)
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1548 |ParentID: 600)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1564 |ParentID: 600)
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (ID: 1716 |ParentID: 600)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 1832 |ParentID: 1640)
C:\WINDOWS\System32\nvsvc32.exe (ID: 1896 |ParentID: 600)
C:\WINDOWS\System32\svchost.exe (ID: 2004 |ParentID: 600)
C:\windows\system\hpsysdrv.exe (ID: 340 |ParentID: 1488)
C:\HP\KBD\KBD.EXE (ID: 348 |ParentID: 1488)
C:\WINDOWS\system32\rundll32.exe (ID: 436 |ParentID: 316)
C:\Program Files\Multimedia Card Reader\shwicon2k.exe (ID: 444 |ParentID: 1488)
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (ID: 456 |ParentID: 1488)
C:\program files\real\realplayer\update\realsched.exe (ID: 524 |ParentID: 1488)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (ID: 528 |ParentID: 1488)
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe (ID: 724 |ParentID: 760)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 864 |ParentID: 1488)
C:\Program Files\Messenger\msmsgs.exe (ID: 876 |ParentID: 1488)
C:\WINDOWS\system32\ctfmon.exe (ID: 940 |ParentID: 1488)
C:\Program Files\Olympus\ib\olycamdetect.exe (ID: 916 |ParentID: 1488)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 1080 |ParentID: 1488)
C:\Documents and Settings\Travis.NOM-W8KZ05N5F7S.000\Application Data\Dropbox\bin\Dropbox.exe (ID: 1608 |ParentID: 1488)
C:\Program Files\iPod\bin\iPodService.exe (ID: 2124 |ParentID: 600)
C:\WINDOWS\system32\wscntfy.exe (ID: 2416 |ParentID: 884)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 3756 |ParentID: 1080)
C:\Program Files\AVG\AVG2014\avgidsagent.exe (ID: 520 |ParentID: 600)
C:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 2148 |ParentID: 600)
C:\Program Files\AVG\AVG2014\avgui.exe (ID: 3924 |ParentID: 3104)
C:\Program Files\Fichiers communs\Apple\Apple Application Support\distnoted.exe (ID: 2188 |ParentID: 3616)
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServer.exe (ID: 3968 |ParentID: 3616)
C:\UsbFix\Go.exe (ID: 1668 |ParentID: 3276)
################## | Regedit Run |
04 - HKLM\..\Run : [hpsysdrv] c:\windows\system\hpsysdrv.exe
04 - HKLM\..\Run : [KBD] C:\HP\KBD\KBD.EXE
04 - HKLM\..\Run : [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
04 - HKLM\..\Run : [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
04 - HKLM\..\Run : [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
04 - HKLM\..\Run : [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
04 - HKLM\..\Run : [PS2] C:\WINDOWS\system32\ps2.exe
04 - HKLM\..\Run : [Videora] C:\Program Files\Videora\Videora.exe -t
04 - HKLM\..\Run : [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
04 - HKLM\..\Run : [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\RunOnce : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [RecordNow!]
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
04 - HKU\S-1-5-21-255160997-4084303343-1436162730-1011\..\Run : [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
04 - HKU\S-1-5-18\..\RunOnce : [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
################## | Recherche générique |
Présent! C:\WINDOWS\system32\kituss.dll.vir
Présent! D:\autorun.inf
################## | Registre |
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
4 replies
Hi,
Yes, you can.
The USB drives would need to be plugged in.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Done. Luckily I had installed AVG beforehand, otherwise the virus would have come back... In any case, thank you very much for your responsiveness, Malekal!
Hello dear friends,
I posted the wrong UsbFix report; it is not the one posted above, I am really sorry. The correct one is the following:
############################## | UsbFix V 7.162 | [Research]
User: Administrateur (Administrator) # RIAD
Updated 27/01/2014 by El Desaparecido - Team SosVirus
Started at 06:26:06 | 30/01/2014
Website : http://www.en.usbfix.net
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: SAMSUNG ELECTRONICS CO., LTD. (R510/P510 )
CPU: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
RAM -> [Total : 2009 Mo| Free : 1271 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot
OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Google Chrome : 32.0.1700.76
WB: Mozilla Firefox : 26.0
SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001
C:\ (%systemdrive%) -> Fixed drive # 81 Gb (41 Mb free - 51%) [] # NTFS
D:\ -> Fixed drive # 71 Gb (63 Mb free - 89%) [Nouveau nom] # NTFS
E:\ -> Fixed drive # 71 Gb (58 Mb free - 81%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
J:\ -> Fixed drive # 466 Gb (287 Mb free - 62%) [TRANSCEND] # FAT32
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID: 872 |ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 936 |ParentID: 872)
C:\WINDOWS\system32\winlogon.exe (ID: 960 |ParentID: 872)
C:\WINDOWS\system32\services.exe (ID: 1004 |ParentID: 960)
C:\WINDOWS\system32\lsass.exe (ID: 1016 |ParentID: 960)
C:\WINDOWS\system32\svchost.exe (ID: 1196 |ParentID: 1004)
C:\WINDOWS\system32\svchost.exe (ID: 1264 |ParentID: 1004)
C:\WINDOWS\System32\svchost.exe (ID: 1304 |ParentID: 1004)
C:\WINDOWS\system32\svchost.exe (ID: 1344 |ParentID: 1004)
C:\WINDOWS\system32\svchost.exe (ID: 1420 |ParentID: 1004)
C:\WINDOWS\system32\svchost.exe (ID: 1468 |ParentID: 1004)
C:\WINDOWS\system32\spoolsv.exe (ID: 1708 |ParentID: 1004)
C:\WINDOWS\Explorer.EXE (ID: 1972 |ParentID: 1928)
C:\WINDOWS\system32\agrsmsvc.exe (ID: 452 |ParentID: 1004)
C:\WINDOWS\system32\ftspssrv.exe (ID: 472 |ParentID: 1004)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 532 |ParentID: 1004)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID: 660 |ParentID: 1004)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (ID: 700 |ParentID: 1004)
C:\WINDOWS\System32\svchost.exe (ID: 1172 |ParentID: 1004)
C:\Program Files\PDF Suite 2011\ConversionService.exe (ID: 1216 |ParentID: 1004)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ID: 1224 |ParentID: 700)
C:\WINDOWS\System32\svchost.exe (ID: 1388 |ParentID: 1004)
C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe (ID: 1404 |ParentID: 1004)
C:\WINDOWS\system32\svchost.exe (ID: 1436 |ParentID: 1004)
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (ID: 1616 |ParentID: 1004)
C:\WINDOWS\system32\hkcmd.exe (ID: 2348 |ParentID: 1972)
C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE (ID: 2384 |ParentID: 1972)
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (ID: 2476 |ParentID: 1972)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 3756 |ParentID: 1196)
C:\WINDOWS\RTHDCPL.EXE (ID: 2244 |ParentID: 1972)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 2840 |ParentID: 1972)
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (ID: 3076 |ParentID: 2264)
C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe (ID: 3316 |ParentID: 1972)
C:\WINDOWS\System32\svchost.exe (ID: 3684 |ParentID: 1004)
C:\WINDOWS\system32\ctfmon.exe (ID: 3692 |ParentID: 1972)
C:\WINDOWS\system32\igfxext.exe (ID: 1740 |ParentID: 1196)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 228 |ParentID: 1972)
C:\Program Files\uTorrent\uTorrent.exe (ID: 2720 |ParentID: 1972)
C:\WINDOWS\system32\svchost.exe (ID: 3968 |ParentID: 3640)
C:\Program Files\WinZip\WZQKPICK32.EXE (ID: 4080 |ParentID: 1972)
C:\WINDOWS\system32\mspaint.exe (ID: 2204 |ParentID: 3968)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 3536 |ParentID: 228)
C:\Program Files\iPod\bin\iPodService.exe (ID: 1768 |ParentID: 1004)
C:\WINDOWS\system32\NOTEPAD.EXE (ID: 388 |ParentID: 1972)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 2628 |ParentID: 124)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2756 |ParentID: 1196)
C:\WINDOWS\system32\NOTEPAD.EXE (ID: 2828 |ParentID: 2804)
################## | Regedit Run |
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKLM\..\Run : [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
04 - HKLM\..\Run : [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [HSPALauncher] C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [ServeurIPAsde] C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe
04 - HKLM\..\RunOnce : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\..\Run : [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-19\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-20\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-18\..\Run : [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-18\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-18\..\Run : [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-19\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
################## | Generic Research |
Found ! C:\Documents and Settings\Administrateur\Application Data\temp.bin
Found ! J:\Radia Manel 2007.lnk
Found ! J:\AMR DIAB.lnk
Found ! J:\DAHMAN6.lnk
Found ! J:\Lotfi Double Kanon Remix 2010.lnk
Found ! J:\apps.lnk
Found ! J:\ADATA.lnk
Found ! J:\Magix maker 2007.lnk
Found ! J:\System Volume Information.lnk
Found ! J:\IDRIS.lnk
Found ! J:\user riad.lnk
Found ! J:\RIAD FOLDER.lnk
Found ! J:\Abranis.lnk
Found ! J:\Kitchen Draw v5.0_by_Asif.lnk
Found ! J:\Nouveau dossier (2).lnk
Found ! J:\Parrtion E.lnk
Found ! J:\0- Bled.lnk
Found ! J:\Application apple.lnk
Found ! J:\Galaxy SII tools.lnk
Found ! J:\Sauvegarde galaxy S2.lnk
Found ! J:\rotaplan.lnk
Found ! J:\ROTA PLAN.lnk
Found ! J:\Flash C7.lnk
Found ! J:\Activation PDF X pro 10.0.0.lnk
Found ! J:\win xp sp3.lnk
Found ! J:\photos et video Aid.lnk
Found ! J:\riad.lnk
Found ! J:\f16.lnk
Found ! J:\Winrar 4.01.lnk
Found ! J:\shemas pieces 406 hdi.lnk
Found ! J:\FirefoxPortable.lnk
Found ! J:\service box peugeot.lnk
Found ! J:\VIDEO_TS.lnk
Found ! J:\$RECYCLE.BIN.lnk
Found ! J:\DIAGBOX V 7.XX.lnk
Found ! J:\RENAULT CAN Clip.lnk
Found ! J:\Tolerance Data 2009.2.lnk
Found ! J:\Autodata 2011.lnk
Found ! J:\ITC Folder.lnk
Found ! J:\New Folder.lnk
Found ! J:\TEG Competition.lnk
Found ! J:\Adobe Acrobat XI Pro v11.lnk
Found ! J:\DRIVER RyAD.lnk
Found ! J:\sid ali.lnk
Found ! J:\Win zip 17.5.lnk
Found ! J:\Teracopier+serial.lnk
Found ! J:\Google Earth.lnk
Found ! J:\µTorrent.lnk
Found ! J:\Utility.lnk
Found ! J:\Recycled.lnk
Found ! J:\Transcend Files.lnk
Found ! J:\ilyes v2.lnk
Found ! J:\ZAHIR ABDJAOUI.lnk
Found ! J:\zimou.lnk
Found ! J:\Kabyle top.lnk
Found ! J:\hakim tidaf.lnk
Found ! J:\HACENE AHRES.lnk
Found ! J:\hafid djemai.lnk
Found ! J:\BOUHI.lnk
Found ! J:\Bazziz.lnk
Found ! J:\Akli Yahyathen.lnk
Found ! J:\Ali Amran - Akka Id Amur.lnk
Found ! J:\Ali Amran -Amsevrid-.lnk
Found ! J:\Hamidouche.lnk
Found ! J:\Brayan Adams.lnk
Found ! J:\Dance English.lnk
Found ! J:\Jimi Hendrix - South Saturn Delta (1997).lnk
Found ! J:\(2005) Dire Straits Mark Knopfler Private Investigations The Best Of.lnk
Found ! J:\CD1- The Very Best Of.lnk
Found ! J:\CD2- The Very Best Of.lnk
Found ! J:\Mark Knopfler .-2000 Sailing to Philadelphia.lnk
Found ! J:\Mark Knopfler.-1993 Screenplaying.lnk
Found ! J:\MODERN TOLKING.lnk
Found ! J:\Moderne Talking.lnk
Found ! J:\C-Naima D'ZIRIA.lnk
Found ! J:\ESMA DJERMOUN 2008.lnk
Found ! J:\Hassiba Abd El Raouf 2008.lnk
Found ! J:\.Trashes\48aa4276.scr
Found ! J:\.Trashes\Desktop.ini
Found ! D:\RECYCLER\S-1-5-21-1202660629-838170752-1801674531-1003
Found ! E:\RECYCLER\S-1-5-21-1202660629-838170752-1801674531-1003
################## | Registry |
Found ! HKLM\SYSTEM\CurrentControlSet\Services\amsint32
Found ! HKLM\SYSTEM\ControlSet001\Services\amsint32
Found ! HKLM\SYSTEM\ControlSet002\Services\amsint32
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|FirewallDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRecentDocs -> 0
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools -> 1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr -> 1
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Thank you so much for your help
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-602162358-1801674531-1417001333-500\..\Run : [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-18\..\Run : [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
04 - HKU\S-1-5-18\..\Run : [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-18\..\Run : [SearchProtect] C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe
04 - HKU\S-1-5-19\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-19\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-19\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
################## | Generic Research |
Found ! C:\Documents and Settings\Administrateur\Application Data\temp.bin
Found ! J:\Radia Manel 2007.lnk
Found ! J:\AMR DIAB.lnk
Found ! J:\DAHMAN6.lnk
Found ! J:\Lotfi Double Kanon Remix 2010.lnk
Found ! J:\apps.lnk
Found ! J:\ADATA.lnk
Found ! J:\Magix maker 2007.lnk
Found ! J:\System Volume Information.lnk
Found ! J:\IDRIS.lnk
Found ! J:\user riad.lnk
Found ! J:\RIAD FOLDER.lnk
Found ! J:\Abranis.lnk
Found ! J:\Kitchen Draw v5.0_by_Asif.lnk
Found ! J:\Nouveau dossier (2).lnk
Found ! J:\Parrtion E.lnk
Found ! J:\0- Bled.lnk
Found ! J:\Application apple.lnk
Found ! J:\Galaxy SII tools.lnk
Found ! J:\Sauvegarde galaxy S2.lnk
Found ! J:\rotaplan.lnk
Found ! J:\ROTA PLAN.lnk
Found ! J:\Flash C7.lnk
Found ! J:\Activation PDF X pro 10.0.0.lnk
Found ! J:\win xp sp3.lnk
Found ! J:\photos et video Aid.lnk
Found ! J:\riad.lnk
Found ! J:\f16.lnk
Found ! J:\Winrar 4.01.lnk
Found ! J:\shemas pieces 406 hdi.lnk
Found ! J:\FirefoxPortable.lnk
Found ! J:\service box peugeot.lnk
Found ! J:\VIDEO_TS.lnk
Found ! J:\$RECYCLE.BIN.lnk
Found ! J:\DIAGBOX V 7.XX.lnk
Found ! J:\RENAULT CAN Clip.lnk
Found ! J:\Tolerance Data 2009.2.lnk
Found ! J:\Autodata 2011.lnk
Found ! J:\ITC Folder.lnk
Found ! J:\New Folder.lnk
Found ! J:\TEG Competition.lnk
Found ! J:\Adobe Acrobat XI Pro v11.lnk
Found ! J:\DRIVER RyAD.lnk
Found ! J:\sid ali.lnk
Found ! J:\Win zip 17.5.lnk
Found ! J:\Teracopier+serial.lnk
Found ! J:\Google Earth.lnk
Found ! J:\µTorrent.lnk
Found ! J:\Utility.lnk
Found ! J:\Recycled.lnk
Found ! J:\Transcend Files.lnk
Found ! J:\ilyes v2.lnk
Found ! J:\ZAHIR ABDJAOUI.lnk
Found ! J:\zimou.lnk
Found ! J:\Kabyle top.lnk
Found ! J:\hakim tidaf.lnk
Found ! J:\HACENE AHRES.lnk
Found ! J:\hafid djemai.lnk
Found ! J:\BOUHI.lnk
Found ! J:\Bazziz.lnk
Found ! J:\Akli Yahyathen.lnk
Found ! J:\Ali Amran - Akka Id Amur.lnk
Found ! J:\Ali Amran -Amsevrid-.lnk
Found ! J:\Hamidouche.lnk
Found ! J:\Brayan Adams.lnk
Found ! J:\Dance English.lnk
Found ! J:\Jimi Hendrix - South Saturn Delta (1997).lnk
Found ! J:\(2005) Dire Straits Mark Knopfler Private Investigations The Best Of.lnk
Found ! J:\CD1- The Very Best Of.lnk
Found ! J:\CD2- The Very Best Of.lnk
Found ! J:\Mark Knopfler .-2000 Sailing to Philadelphia.lnk
Found ! J:\Mark Knopfler.-1993 Screenplaying.lnk
Found ! J:\MODERN TOLKING.lnk
Found ! J:\Moderne Talking.lnk
Found ! J:\C-Naima D'ZIRIA.lnk
Found ! J:\ESMA DJERMOUN 2008.lnk
Found ! J:\Hassiba Abd El Raouf 2008.lnk
Found ! J:\.Trashes\48aa4276.scr
Found ! J:\.Trashes\Desktop.ini
Found ! D:\RECYCLER\S-1-5-21-1202660629-838170752-1801674531-1003
Found ! E:\RECYCLER\S-1-5-21-1202660629-838170752-1801674531-1003
################## | Registry |
Found ! HKLM\SYSTEM\CurrentControlSet\Services\amsint32
Found ! HKLM\SYSTEM\ControlSet001\Services\amsint32
Found ! HKLM\SYSTEM\ControlSet002\Services\amsint32
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|FirewallDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRecentDocs -> 0
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools -> 1
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr -> 1
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Thank you so much for your help.