Vbs agent axn
Résolu
yagayoo
Messages postés
7
Statut
Membre
-
Malekal_morte- Messages postés 184347 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Malekal_morte- Messages postés 184347 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Bonjour voici le rapport usbfix.... que faire apres?
A voir également:
- Vbs agent axn
- Vbs windows - Accueil - Optimisation
- Agent ransack - Télécharger - Divers Utilitaires
- Agent quick share ✓ - Forum Virus
- Supprimer Quickshare - Forum Virus
- Trojan agent ✓ - Forum Virus
9 réponses
############################## | UsbFix V 7.161 | [Recherche]
Utilisateur: cypvirgmatleo (Administrateur) # TAINTEAM
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:15:52 | 18/01/2014
Site Web : https://www.usbfix.net/
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Acer (JE51_DN)
CPU: AMD Athlon(tm) II P360 Dual-Core Processor
RAM -> [Total : 4091 Mo| Free : 2568 Mo]
Bios: Acer
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 233 Go (107 Go libre(s) - 46%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 14 Go (10 Go libre(s) - 66%) [CYPVIRG] # FAT32
F:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [] # FAT32
G:\ -> Disque amovible # 32 Mo (0 Mo libre(s) - 0%) [] # FAT
H:\ -> Disque amovible # 1 Go (1 Go libre(s) - 90%) [IFSD] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 552 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 560)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 560)
C:\Windows\system32\services.exe (ID: 660 |ParentID: 552)
C:\Windows\system32\lsass.exe (ID: 676 |ParentID: 552)
C:\Windows\system32\lsm.exe (ID: 684 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 868 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 280 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 204 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 588 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1212 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1504 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1760 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 3028 |ParentID: 660)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 816 |ParentID: 784)
C:\Windows\system32\Dwm.exe (ID: 3252 |ParentID: 280)
C:\Windows\Explorer.EXE (ID: 3272 |ParentID: 3228)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2496 |ParentID: 784)
C:\Windows\System32\svchost.exe (ID: 4140 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4328 |ParentID: 3844)
C:\Windows\System32\WUDFHost.exe (ID: 2308 |ParentID: 280)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3628 |ParentID: 660)
C:\Windows\system32\SearchIndexer.exe (ID: 3984 |ParentID: 660)
C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 2160 |ParentID: 3696)
C:\Windows\System32\spoolsv.exe (ID: 3412 |ParentID: 660)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4676 |ParentID: 3272)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4400 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6132 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2888 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 376 |ParentID: 4676)
C:\Windows\servicing\TrustedInstaller.exe (ID: 3844 |ParentID: 660)
C:\Windows\system32\taskeng.exe (ID: 5156 |ParentID: 588)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2476 |ParentID: 3984)
C:\Windows\system32\SearchFilterHost.exe (ID: 1900 |ParentID: 3984)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5248 |ParentID: 784)
################## | Regedit Run |
04 - HKLM\..\Run : [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\..\Run : [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\..\Run : [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\..\Run : [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Facebook Update] "C:\Users\cypvirgmatleo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601
################## | Recherche générique |
Présent! C:\Users\cypvirgmatleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe
Présent! E:\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! H:\iTunesHelper.vbe
Présent! E:\.lnk
Présent! E:\PAPA.lnk
Présent! E:\photo.lnk
Présent! E:\Very bad trip 3.lnk
Présent! E:\.Spotlight-V100.lnk
Présent! F:\Percy.lnk
################## | Registre |
Présent! HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
################## | Vaccin |
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Utilisateur: cypvirgmatleo (Administrateur) # TAINTEAM
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:15:52 | 18/01/2014
Site Web : https://www.usbfix.net/
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Acer (JE51_DN)
CPU: AMD Athlon(tm) II P360 Dual-Core Processor
RAM -> [Total : 4091 Mo| Free : 2568 Mo]
Bios: Acer
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 233 Go (107 Go libre(s) - 46%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 14 Go (10 Go libre(s) - 66%) [CYPVIRG] # FAT32
F:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [] # FAT32
G:\ -> Disque amovible # 32 Mo (0 Mo libre(s) - 0%) [] # FAT
H:\ -> Disque amovible # 1 Go (1 Go libre(s) - 90%) [IFSD] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 408)
C:\Windows\system32\wininit.exe (ID: 552 |ParentID: 408)
C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 560)
C:\Windows\system32\winlogon.exe (ID: 616 |ParentID: 560)
C:\Windows\system32\services.exe (ID: 660 |ParentID: 552)
C:\Windows\system32\lsass.exe (ID: 676 |ParentID: 552)
C:\Windows\system32\lsm.exe (ID: 684 |ParentID: 552)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 868 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 280 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 204 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 588 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1212 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1504 |ParentID: 660)
C:\Windows\system32\svchost.exe (ID: 1760 |ParentID: 660)
C:\Windows\System32\svchost.exe (ID: 3028 |ParentID: 660)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 816 |ParentID: 784)
C:\Windows\system32\Dwm.exe (ID: 3252 |ParentID: 280)
C:\Windows\Explorer.EXE (ID: 3272 |ParentID: 3228)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2496 |ParentID: 784)
C:\Windows\System32\svchost.exe (ID: 4140 |ParentID: 660)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4328 |ParentID: 3844)
C:\Windows\System32\WUDFHost.exe (ID: 2308 |ParentID: 280)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3628 |ParentID: 660)
C:\Windows\system32\SearchIndexer.exe (ID: 3984 |ParentID: 660)
C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 2160 |ParentID: 3696)
C:\Windows\System32\spoolsv.exe (ID: 3412 |ParentID: 660)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4676 |ParentID: 3272)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4400 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6132 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2888 |ParentID: 4676)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 376 |ParentID: 4676)
C:\Windows\servicing\TrustedInstaller.exe (ID: 3844 |ParentID: 660)
C:\Windows\system32\taskeng.exe (ID: 5156 |ParentID: 588)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2476 |ParentID: 3984)
C:\Windows\system32\SearchFilterHost.exe (ID: 1900 |ParentID: 3984)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5248 |ParentID: 784)
################## | Regedit Run |
04 - HKLM\..\Run : [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\..\Run : [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\..\Run : [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\..\Run : [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Facebook Update] "C:\Users\cypvirgmatleo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601
################## | Recherche générique |
Présent! C:\Users\cypvirgmatleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe
Présent! E:\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! H:\iTunesHelper.vbe
Présent! E:\.lnk
Présent! E:\PAPA.lnk
Présent! E:\photo.lnk
Présent! E:\Very bad trip 3.lnk
Présent! E:\.Spotlight-V100.lnk
Présent! F:\Percy.lnk
################## | Registre |
Présent! HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
################## | Vaccin |
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
############################## | UsbFix V 7.161 | [Suppression]
Utilisateur: cypvirgmatleo (Administrateur) # TAINTEAM
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:24:45 | 18/01/2014
Site Web : https://www.usbfix.net/
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Acer (JE51_DN)
CPU: AMD Athlon(tm) II P360 Dual-Core Processor
RAM -> [Total : 4091 Mo| Free : 2649 Mo]
Bios: Acer
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 233 Go (107 Go libre(s) - 46%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 14 Go (10 Go libre(s) - 66%) [CYPVIRG] # FAT32
F:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [] # FAT32
G:\ -> Disque amovible # 32 Mo (0 Mo libre(s) - 0%) [] # FAT
H:\ -> Disque amovible # 1 Go (1 Go libre(s) - 90%) [IFSD] # FAT32
################## | Processus Stoppés |
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 660)
Stoppé! C:\Windows\Explorer.EXE (ID: 3272 |ParentID: 3228)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4328 |ParentID: 3844)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3112 |ParentID: 280)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 5844 |ParentID: 5660)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3600 |ParentID: 660)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5312 |ParentID: 3272)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4500 |ParentID: 5312)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5340 |ParentID: 5312)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4792 |ParentID: 5312)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 2216 |ParentID: 3600)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 1160 |ParentID: 3600)
################## | Regedit Run |
04 - HKLM\..\Run : [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\..\Run : [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\..\Run : [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\..\Run : [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Facebook Update] "C:\Users\cypvirgmatleo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601
################## | Recherche générique |
Supprimé! C:\Users\cypvirgmatleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe
Supprimé! E:\.lnk
Supprimé! E:\PAPA.lnk
Supprimé! E:\photo.lnk
Supprimé! E:\Very bad trip 3.lnk
Supprimé! E:\.Spotlight-V100.lnk
Supprimé! F:\Percy.lnk
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
################## | Listing |
[16/09/2013 - 19:29:04 | SHD] - C:\$Recycle.Bin
[22/09/2013 - 22:12:29 | D] - C:\1480c0a09f671ca02cf7ad79e0
[16/01/2014 - 13:18:27 | D] - C:\7c941e024b18d3f804a6838db1
[16/09/2013 - 18:45:00 | D] - C:\book
[23/09/2013 - 09:55:41 | SHD] - C:\Boot
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[23/02/2011 - 11:33:34 | N | 8 Ko] - C:\BOOTSECT.BAK
[14/01/2014 - 09:31:04 | D] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[18/01/2014 - 10:33:14 | ASH | 3141808 Ko] - C:\hiberfil.sys
[16/09/2013 - 19:28:47 | D] - C:\OEM
[18/01/2014 - 10:34:17 | ASH | 4189080 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[21/10/2013 - 20:23:49 | D] - C:\Program Files
[09/01/2014 - 18:22:04 | D] - C:\Program Files (x86)
[09/01/2014 - 18:22:47 | HD] - C:\ProgramData
[16/09/2013 - 19:26:31 | SHD] - C:\Recovery
[18/01/2014 - 10:14:52 | SHD] - C:\System Volume Information
[18/01/2014 - 12:24:46 | D] - C:\UsbFix
[28/12/2013 - 17:04:53 | N | 1 Ko | C11380194D85ECAF839D7A64B0FF2D07] - C:\UsbFix [Clean 1] TAINTEAM.txt
[18/01/2014 - 12:25:47 | A | 6 Ko | 528AF120826EC3965D817C57E012E378] - C:\UsbFix [Clean 2] TAINTEAM.txt
[28/12/2013 - 17:02:21 | N | 10 Ko | 546BD0E353EC62E6455F0324DFF5F1B2] - C:\UsbFix [Scan 1] TAINTEAM.txt
[28/12/2013 - 17:16:27 | N | 10 Ko | 7A899391E39156790B269B3F23D59A31] - C:\UsbFix [Scan 2] TAINTEAM.txt
[28/12/2013 - 18:01:38 | N | 10 Ko | C59A2A3DE303BB3862450F06A528046B] - C:\UsbFix [Scan 3] TAINTEAM.txt
[18/01/2014 - 12:02:53 | N | 9 Ko | 6C9894A5B83F950624A7B0BECE07B056] - C:\UsbFix [Scan 5] TAINTEAM.txt
[18/01/2014 - 12:04:15 | N | 6 Ko | 13AE76ED8F598B720828DCC02E55D654] - C:\UsbFix [Scan 6] TAINTEAM.txt
[18/01/2014 - 12:16:47 | N | 7 Ko | C05138D1409E9F627B559F48B59D334E] - C:\UsbFix [Scan 8] TAINTEAM.txt
[16/09/2013 - 19:26:44 | D] - C:\Users
[16/01/2014 - 13:20:14 | D] - C:\Windows
[23/03/2013 - 12:46:08 | D] - E:\Dossier nourrisse
[07/09/2013 - 20:12:18 | SH | 4 Ko] - E:\._.Trashes
[07/09/2013 - 20:12:18 | SHD] - E:\.Trashes
[07/09/2013 - 20:12:18 | SHD] - E:\.fseventsd
[07/09/2013 - 20:12:20 | SHD] - E:\.Spotlight-V100
[17/06/2013 - 11:33:10 | D] - E:\RAP
[26/11/2013 - 10:30:00 | D] - E:\SART
[26/11/2013 - 14:51:34 | N | 0 Ko] - E:\.~lock.livret messe.odt#
[26/11/2013 - 10:29:10 | N | 213 Ko] - E:\PAPA.jpg
[18/12/2013 - 15:20:12 | N | 280 Ko] - E:\photo.jpg
[15/11/2013 - 12:32:06 | N | 1433331 Ko] - E:\The.Wolverine..avi
[15/11/2013 - 12:08:02 | N | 714650 Ko] - E:\Very bad trip 3.avi
[01/10/2013 - 22:42:22 | N | 716022 Ko] - E:\American nightmare- The purge.avi
[02/12/2013 - 22:13:52 | N | 716692 Ko] - E:\Kick.Ass.2..avi
[15/11/2013 - 12:25:00 | N | 1431534 Ko] - E:\Man.Of.Steel.avi
[21/11/2013 - 10:42:56 | N | 1432056 Ko] - F:\Percy.Jackson.Sea.of.Monsters.2013.FRENCH.BRRiP.XviD.AC3-Visual-www.Zone-Telechargement.com.avi
[24/12/2013 - 09:59:32 | D] - H:\LLN
################## | Vaccin |
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Utilisateur: cypvirgmatleo (Administrateur) # TAINTEAM
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 12:24:45 | 18/01/2014
Site Web : https://www.usbfix.net/
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/
PC: Acer (JE51_DN)
CPU: AMD Athlon(tm) II P360 Dual-Core Processor
RAM -> [Total : 4091 Mo| Free : 2649 Mo]
Bios: Acer
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.76
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 233 Go (107 Go libre(s) - 46%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Disque amovible # 14 Go (10 Go libre(s) - 66%) [CYPVIRG] # FAT32
F:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [] # FAT32
G:\ -> Disque amovible # 32 Mo (0 Mo libre(s) - 0%) [] # FAT
H:\ -> Disque amovible # 1 Go (1 Go libre(s) - 90%) [IFSD] # FAT32
################## | Processus Stoppés |
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 660)
Stoppé! C:\Windows\Explorer.EXE (ID: 3272 |ParentID: 3228)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4328 |ParentID: 3844)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3112 |ParentID: 280)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 5844 |ParentID: 5660)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3600 |ParentID: 660)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5312 |ParentID: 3272)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4500 |ParentID: 5312)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5340 |ParentID: 5312)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4792 |ParentID: 5312)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 2216 |ParentID: 3600)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 1160 |ParentID: 3600)
################## | Regedit Run |
04 - HKLM\..\Run : [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\..\Run : [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\..\Run : [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\..\Run : [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\..\Run : [Facebook Update] "C:\Users\cypvirgmatleo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601
################## | Recherche générique |
Supprimé! C:\Users\cypvirgmatleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! C:\Users\CYPVIR~1\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! E:\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! H:\iTunesHelper.vbe
Supprimé! E:\.lnk
Supprimé! E:\PAPA.lnk
Supprimé! E:\photo.lnk
Supprimé! E:\Very bad trip 3.lnk
Supprimé! E:\.Spotlight-V100.lnk
Supprimé! F:\Percy.lnk
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKU\S-1-5-21-1436643845-2780742103-2752391176-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
################## | Listing |
[16/09/2013 - 19:29:04 | SHD] - C:\$Recycle.Bin
[22/09/2013 - 22:12:29 | D] - C:\1480c0a09f671ca02cf7ad79e0
[16/01/2014 - 13:18:27 | D] - C:\7c941e024b18d3f804a6838db1
[16/09/2013 - 18:45:00 | D] - C:\book
[23/09/2013 - 09:55:41 | SHD] - C:\Boot
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[23/02/2011 - 11:33:34 | N | 8 Ko] - C:\BOOTSECT.BAK
[14/01/2014 - 09:31:04 | D] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[18/01/2014 - 10:33:14 | ASH | 3141808 Ko] - C:\hiberfil.sys
[16/09/2013 - 19:28:47 | D] - C:\OEM
[18/01/2014 - 10:34:17 | ASH | 4189080 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[21/10/2013 - 20:23:49 | D] - C:\Program Files
[09/01/2014 - 18:22:04 | D] - C:\Program Files (x86)
[09/01/2014 - 18:22:47 | HD] - C:\ProgramData
[16/09/2013 - 19:26:31 | SHD] - C:\Recovery
[18/01/2014 - 10:14:52 | SHD] - C:\System Volume Information
[18/01/2014 - 12:24:46 | D] - C:\UsbFix
[28/12/2013 - 17:04:53 | N | 1 Ko | C11380194D85ECAF839D7A64B0FF2D07] - C:\UsbFix [Clean 1] TAINTEAM.txt
[18/01/2014 - 12:25:47 | A | 6 Ko | 528AF120826EC3965D817C57E012E378] - C:\UsbFix [Clean 2] TAINTEAM.txt
[28/12/2013 - 17:02:21 | N | 10 Ko | 546BD0E353EC62E6455F0324DFF5F1B2] - C:\UsbFix [Scan 1] TAINTEAM.txt
[28/12/2013 - 17:16:27 | N | 10 Ko | 7A899391E39156790B269B3F23D59A31] - C:\UsbFix [Scan 2] TAINTEAM.txt
[28/12/2013 - 18:01:38 | N | 10 Ko | C59A2A3DE303BB3862450F06A528046B] - C:\UsbFix [Scan 3] TAINTEAM.txt
[18/01/2014 - 12:02:53 | N | 9 Ko | 6C9894A5B83F950624A7B0BECE07B056] - C:\UsbFix [Scan 5] TAINTEAM.txt
[18/01/2014 - 12:04:15 | N | 6 Ko | 13AE76ED8F598B720828DCC02E55D654] - C:\UsbFix [Scan 6] TAINTEAM.txt
[18/01/2014 - 12:16:47 | N | 7 Ko | C05138D1409E9F627B559F48B59D334E] - C:\UsbFix [Scan 8] TAINTEAM.txt
[16/09/2013 - 19:26:44 | D] - C:\Users
[16/01/2014 - 13:20:14 | D] - C:\Windows
[23/03/2013 - 12:46:08 | D] - E:\Dossier nourrisse
[07/09/2013 - 20:12:18 | SH | 4 Ko] - E:\._.Trashes
[07/09/2013 - 20:12:18 | SHD] - E:\.Trashes
[07/09/2013 - 20:12:18 | SHD] - E:\.fseventsd
[07/09/2013 - 20:12:20 | SHD] - E:\.Spotlight-V100
[17/06/2013 - 11:33:10 | D] - E:\RAP
[26/11/2013 - 10:30:00 | D] - E:\SART
[26/11/2013 - 14:51:34 | N | 0 Ko] - E:\.~lock.livret messe.odt#
[26/11/2013 - 10:29:10 | N | 213 Ko] - E:\PAPA.jpg
[18/12/2013 - 15:20:12 | N | 280 Ko] - E:\photo.jpg
[15/11/2013 - 12:32:06 | N | 1433331 Ko] - E:\The.Wolverine..avi
[15/11/2013 - 12:08:02 | N | 714650 Ko] - E:\Very bad trip 3.avi
[01/10/2013 - 22:42:22 | N | 716022 Ko] - E:\American nightmare- The purge.avi
[02/12/2013 - 22:13:52 | N | 716692 Ko] - E:\Kick.Ass.2..avi
[15/11/2013 - 12:25:00 | N | 1431534 Ko] - E:\Man.Of.Steel.avi
[21/11/2013 - 10:42:56 | N | 1432056 Ko] - F:\Percy.Jackson.Sea.of.Monsters.2013.FRENCH.BRRiP.XviD.AC3-Visual-www.Zone-Telechargement.com.avi
[24/12/2013 - 09:59:32 | D] - H:\LLN
################## | Vaccin |
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
a priori, cela refonctionne bien.... quel était le probleme? en tout cas merci de ta réactivité et de ton aide.
