USB fix - remove virus
Aurélia
samigtx1459 Posts 482 Registration date Status Member Last activity -
Hello,
For some time now, I have noticed that everything I put on my USB key gets turned into a shortcut. I learned that it was a virus and so downloaded UsbFix. Could you help me remove this virus?
Also, is everything that has been connected to my PC infected by the virus?
Thanks in advance!
Here is the report:
############################## | UsbFix V 7.164 | [Recherche]
Utilisateur: SBS (Administrateur) # GMW-ARO
Mis à jour le05/02/2014 par El Desaparecido - Team SosVirus
Lancé à 22:57:07 | 10/02/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: Hewlett-Packard (17F6)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3977 Mo| Free : 1033 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16750
WB: Google Chrome : 32.0.1700.107
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
C:\ -> Disque fixe # 442 Go (351 Go libre(s) - 79%) [] # NTFS
D:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [GMW - ARO] # FAT32
E:\ -> Disque fixe # 2 Go (2 Go libre(s) - 99%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disque fixe # 21 Go (3 Go libre(s) - 15%) [HP_RECOVERY] # NTFS
################## | Processus Actif |
C:\windows\system32\csrss.exe (ID: 540 |ParentID: 528)
C:\windows\system32\wininit.exe (ID: 584 |ParentID: 528)
C:\windows\system32\csrss.exe (ID: 604 |ParentID: 592)
C:\windows\system32\services.exe (ID: 648 |ParentID: 584)
C:\windows\system32\lsass.exe (ID: 664 |ParentID: 584)
C:\windows\system32\lsm.exe (ID: 672 |ParentID: 584)
C:\windows\system32\winlogon.exe (ID: 732 |ParentID: 592)
C:\windows\system32\svchost.exe (ID: 812 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 896 |ParentID: 648)
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (ID: 964 |ParentID: 648)
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (ID: 352 |ParentID: 648)
C:\windows\System32\svchost.exe (ID: 552 |ParentID: 648)
C:\windows\System32\svchost.exe (ID: 516 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 984 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 1052 |ParentID: 648)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 1116 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 1292 |ParentID: 648)
C:\windows\system32\Hpservice.exe (ID: 1388 |ParentID: 648)
C:\windows\system32\vcsFPService.exe (ID: 1520 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 1588 |ParentID: 648)
C:\windows\System32\spoolsv.exe (ID: 1940 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 1992 |ParentID: 648)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1412 |ParentID: 648)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1832 |ParentID: 648)
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (ID: 2076 |ParentID: 648)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2212 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 2252 |ParentID: 648)
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (ID: 2388 |ParentID: 648)
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (ID: 2452 |ParentID: 648)
c:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 2504 |ParentID: 648)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 2532 |ParentID: 648)
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (ID: 2568 |ParentID: 648)
C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 2644 |ParentID: 648)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 2684 |ParentID: 648)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID: 2708 |ParentID: 648)
C:\windows\system32\svchost.exe (ID: 2940 |ParentID: 648)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (ID: 3004 |ParentID: 648)
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe (ID: 3032 |ParentID: 648)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3056 |ParentID: 648)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3092 |ParentID: 3056)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 3216 |ParentID: 648)
C:\windows\system32\wbem\wmiprvse.exe (ID: 3344 |ParentID: 812)
C:\windows\system32\wbem\unsecapp.exe (ID: 3360 |ParentID: 812)
C:\windows\system32\wbem\wmiprvse.exe (ID: 3412 |ParentID: 812)
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (ID: 3504 |ParentID: 648)
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (ID: 3576 |ParentID: 648)
C:\windows\System32\WUDFHost.exe (ID: 3712 |ParentID: 516)
C:\windows\system32\svchost.exe (ID: 3816 |ParentID: 648)
C:\windows\system32\taskhost.exe (ID: 4724 |ParentID: 648)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (ID: 4784 |ParentID: 3004)
C:\windows\system32\Dwm.exe (ID: 4816 |ParentID: 516)
C:\windows\Explorer.EXE (ID: 4904 |ParentID: 4776)
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (ID: 5068 |ParentID: 3004)
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe (ID: 5076 |ParentID: 3004)
C:\Windows\System32\igfxtray.exe (ID: 5112 |ParentID: 4904)
C:\Windows\System32\hkcmd.exe (ID: 1220 |ParentID: 4904)
C:\Windows\System32\igfxpers.exe (ID: 4112 |ParentID: 4904)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 4176 |ParentID: 4904)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 4204 |ParentID: 4904)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3548 |ParentID: 4904)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4212 |ParentID: 4904)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 3752 |ParentID: 3384)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 924 |ParentID: 4904)
C:\Windows\System32\wscript.exe (ID: 2848 |ParentID: 4904)
C:\Program Files (x86)\Pyramiq\DLex\DocManager.exe (ID: 2464 |ParentID: 4904)
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (ID: 1960 |ParentID: 3868)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 3568 |ParentID: 3868)
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (ID: 916 |ParentID: 3868)
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID: 4084 |ParentID: 732)
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (ID: 2624 |ParentID: 648)
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (ID: 3428 |ParentID: 3868)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 1464 |ParentID: 3868)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 2968 |ParentID: 3868)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 2932 |ParentID: 3868)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4700 |ParentID: 3868)
C:\windows\system32\SearchIndexer.exe (ID: 3076 |ParentID: 648)
C:\Program Files\iPod\bin\iPodService.exe (ID: 3892 |ParentID: 648)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 3672 |ParentID: 648)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3824 |ParentID: 648)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5160 |ParentID: 924)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5244 |ParentID: 648)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5588 |ParentID: 924)
C:\Users\ARO\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 5620 |ParentID: 4904)
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID: 5628 |ParentID: 4904)
C:\windows\System32\svchost.exe (ID: 4780 |ParentID: 648)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6532 |ParentID: 924)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 6572 |ParentID: 2468)
C:\windows\system32\DllHost.exe (ID: 6592 |ParentID: 812)
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID: 6800 |ParentID: 4084)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (ID: 6832 |ParentID: 648)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 6900 |ParentID: 648)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2528 |ParentID: 924)
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (ID: 6480 |ParentID: 4144)
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe (ID: 1148 |ParentID: 3688)
c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (ID: 1752 |ParentID: 648)
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (ID: 6280 |ParentID: 812)
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe (ID: 2228 |ParentID: 6280)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 5612 |ParentID: 648)
C:\windows\system32\igfxext.exe (ID: 5192 |ParentID: 812)
C:\windows\system32\igfxsrvc.exe (ID: 6236 |ParentID: 812)
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 860 |ParentID: 648)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2728 |ParentID: 648)
C:\windows\system32\SearchProtocolHost.exe (ID: 4744 |ParentID: 3076)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6324 |ParentID: 924)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 7144 |ParentID: 924)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 8336 |ParentID: 924)
C:\windows\System32\WUDFHost.exe (ID: 1500 |ParentID: 516)
C:\windows\system32\SearchFilterHost.exe (ID: 5792 |ParentID: 3076)
\\?\C:\windows\system32\wbem\WMIADAP.EXE (ID: 6104 |ParentID: 1052)
################## | Regedit Run |
04 - HKCU\..\Run : [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKCU\..\Run : [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
04 - HKLM\..\Run : [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
04 - HKLM\..\Run : [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\..\Run : [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
04 - HKLM\..\Run : [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [IgfxTray] C:\windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
04 - HKLM64\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - HKLM64\..\Run : [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
04 - HKLM64\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\RunOnce : [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
04 - HKLM64\..\RunOnce : [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
04 - HKLM64\..\RunOnce : [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
04 - HKLM64\..\RunOnce : [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
04 - HKLM64\..\RunOnce : [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
04 - HKLM64\..\RunOnce : [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2879927877-2269255897-2555267540-1002\..\Run : [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-2879927877-2269255897-2555267540-1002\..\Run : [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [Google Update] "C:\Users\ARO.GMWLAW\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [GoogleChromeAutoLaunch_E0712477D652B7EB4DA8570D8DBC32FD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\ARO~1.GMW\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Présent! D:\SURVIVAL.vbe
Présent! D:\Dewez-DeSambre.lnk
Présent! D:\AFFAIRE_COEME_ET_AUTRES_c.lnk
Présent! D:\Garabedian.lnk
Présent! D:\Parmentier.lnk
Présent! D:\Tiberghien.lnk
Présent! D:\Tiberghien 2.lnk
Présent! D:\Droit sociétés 2011 - 1.lnk
Présent! D:\Droit sociétés 2011 - 2.lnk
Présent! D:\Droit sociétés 2011 - 3.lnk
Présent! D:\ACDROSOC_005.lnk
Présent! D:\ACDROSOC_006.lnk
Présent! D:\ACDROSOC_007.lnk
Présent! D:\DRSOCMB_008.lnk
Présent! D:\jp droit soc.lnk
Présent! D:\1501_428.lnk
Présent! D:\1501_429.lnk
Présent! D:\1501_430.lnk
Présent! D:\1501_431.lnk
Présent! D:\1501_432.lnk
Présent! D:\1501_433.lnk
Présent! D:\1501_434.lnk
Présent! D:\1501_435.lnk
Présent! D:\1501_436.lnk
Présent! D:\1501_437.lnk
Présent! C:\Documents and Settings\ARO.GMWLAW\AppData\Local\Temp\SURVIVAL.vbe
Présent! C:\Documents and Settings\ARO.GMWLAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Présent! C:\Users\ARO.GMWLAW\AppData\Local\Temp\SURVIVAL.vbe
Présent! C:\Users\ARO.GMWLAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Présent! HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
################## | Vaccin |
################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
################## | Vaccin |
################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
4 replies
Yes, and apparently it is still present on your PC, because your USB key must have infected your PC, and even if you delete it from the key it will come back from your PC. What I suggest is that you start UsbFix and then click "Suppression"; if it asks whether you want to go to a forum, say no, then let the PC do its work. At the end, send the report again; normally that should do it.
Here is my report, many thanks:
############################## | UsbFix V 7.164 | [Suppression]
Utilisateur: ARO (Administrateur) # GMW-ARO
Mis à jour le05/02/2014 par El Desaparecido - Team SosVirus
Lancé à 08:39:43 | 13/02/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: Hewlett-Packard (17F6)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3977 Mo| Free : 1973 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16798
WB: Google Chrome : 32.0.1700.107
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 442 Go (346 Go libre(s) - 78%) [] # NTFS
D:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [GMW - ARO] # FAT32
E:\ -> Disque fixe # 2 Go (2 Go libre(s) - 99%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Disque fixe # 21 Go (3 Go libre(s) - 15%) [HP_RECOVERY] # NTFS
################## | Processus Actif |
C:\windows\system32\taskhost.exe (ID: 4772 |ParentID: 664)
C:\windows\system32\Dwm.exe (ID: 4844 |ParentID: 628)
C:\windows\Explorer.EXE (ID: 4876 |ParentID: 4816)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (ID: 4888 |ParentID: 3040)
C:\Windows\System32\igfxtray.exe (ID: 4224 |ParentID: 4876)
C:\Windows\System32\hkcmd.exe (ID: 4308 |ParentID: 4876)
C:\Windows\System32\igfxpers.exe (ID: 4376 |ParentID: 4876)
C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (ID: 4404 |ParentID: 4876)
C:\Program Files\IDT\WDM\sttray64.exe (ID: 2060 |ParentID: 4876)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 1832 |ParentID: 4876)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2380 |ParentID: 4876)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 4476 |ParentID: 4876)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 3556 |ParentID: 4508)
C:\Users\ARO.GMWLAW\AppData\Local\Google\Update\GoogleUpdate.exe (ID: 4548 |ParentID: 4876)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4328 |ParentID: 4876)
C:\Windows\System32\wscript.exe (ID: 4228 |ParentID: 4876)
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (ID: 2112 |ParentID: 4220)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 4872 |ParentID: 4220)
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (ID: 3660 |ParentID: 4220)
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (ID: 4100 |ParentID: 4220)
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (ID: 548 |ParentID: 760)
C:\Program Files (x86)\Pyramiq\DLex\DocManager.exe (ID: 4532 |ParentID: 4876)
C:\Users\ARO\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2472 |ParentID: 4876)
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (ID: 4108 |ParentID: 4220)
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID: 1480 |ParentID: 4876)
C:\windows\System32\WScript.exe (ID: 1396 |ParentID: 4876)
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe (ID: 5168 |ParentID: 300)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5320 |ParentID: 4328)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 5364 |ParentID: 4220)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 5384 |ParentID: 4220)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 5404 |ParentID: 4220)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 5440 |ParentID: 4220)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5560 |ParentID: 4328)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4280 |ParentID: 4328)
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPUsageTrack.exe (ID: 1112 |ParentID: 836)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6088 |ParentID: 4328)
C:\windows\system32\DllHost.exe (ID: 4836 |ParentID: 836)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 4412 |ParentID: 212)
################## | Regedit Run |
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Google Update] "C:\Users\ARO.GMWLAW\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_E0712477D652B7EB4DA8570D8DBC32FD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKCU\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\ARO~1.GMW\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
04 - HKLM\..\Run : [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
04 - HKLM\..\Run : [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
04 - HKLM\..\Run : [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
04 - HKLM\..\Run : [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [IgfxTray] C:\windows\system32\igfxtray.exe
04 - HKLM64\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - HKLM64\..\Run : [Persistence] C:\windows\system32\igfxpers.exe
04 - HKLM64\..\Run : [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
04 - HKLM64\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - HKLM64\..\Run : [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
04 - HKLM64\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\RunOnce : [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
04 - HKLM64\..\RunOnce : [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
04 - HKLM64\..\RunOnce : [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
04 - HKLM64\..\RunOnce : [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
04 - HKLM64\..\RunOnce : [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
04 - HKLM64\..\RunOnce : [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
04 - HKLM64\..\RunOnce : [UsbFix] "C:\UsbFix\UsbFix.exe"
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [Google Update] "C:\Users\ARO.GMWLAW\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [GoogleChromeAutoLaunch_E0712477D652B7EB4DA8570D8DBC32FD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\ARO~1.GMW\AppData\Local\Temp\SURVIVAL.vbe"
################## | Recherche générique |
Supprimé! C:\Users\ARO.GMWLAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Non supprimé ! C:\Users\ARO~1.GMW\AppData\Local\Temp\SURVIVAL.vbe
Supprimé! D:\SURVIVAL.vbe
Supprimé! D:\AFFAIRE_COEME_ET_AUTRES_c.lnk
Supprimé! D:\Garabedian.lnk
Supprimé! D:\Parmentier.lnk
Supprimé! D:\Tiberghien.lnk
Supprimé! D:\Tiberghien 2.lnk
Supprimé! D:\Droit sociétés 2011 - 1.lnk
Supprimé! D:\Droit sociétés 2011 - 2.lnk
Supprimé! D:\Droit sociétés 2011 - 3.lnk
Supprimé! D:\ACDROSOC_005.lnk
Supprimé! D:\ACDROSOC_006.lnk
Supprimé! D:\ACDROSOC_007.lnk
Supprimé! D:\DRSOCMB_008.lnk
Supprimé! D:\jp droit soc.lnk
Supprimé! D:\1501_428.lnk
Supprimé! D:\1501_429.lnk
Supprimé! D:\1501_430.lnk
Supprimé! D:\1501_431.lnk
Supprimé! D:\1501_432.lnk
Supprimé! D:\1501_433.lnk
Supprimé! D:\1501_434.lnk
Supprimé! D:\1501_435.lnk
Supprimé! D:\1501_436.lnk
Supprimé! D:\1501_437.lnk
Supprimé! D:\Dewez-DeSambre.lnk
Supprimé! D:\Autorun.inf.lnk
Non supprimé ! C:\Documents and Settings\ARO.GMWLAW\AppData\Local\Temp\SURVIVAL.vbe
Non supprimé ! C:\Users\ARO.GMWLAW\AppData\Local\Temp\SURVIVAL.vbe
(!) Fichiers temporaires supprimés.
################## | Registre |
Non Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Non Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Supprimé! HKU\S-1-5-21-4111840881-2628714767-1806559691-1172\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
################## | Listing |
[01/07/2013 - 08:29:08 | SHD] - C:\$RECYCLE.BIN
[01/07/2013 - 08:34:06 | D] - C:\ARO
[11/02/2011 - 06:13:50 | SHD] - C:\boot
[21/11/2010 - 04:23:51 | RASH | 375 Ko] - C:\bootmgr
[13/02/2014 - 08:37:57 | SHD] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[21/01/2014 - 18:20:52 | N | 0 Ko] - C:\DUMPA.WAV
[16/04/2012 - 03:44:21 | D] - C:\EFI
[13/02/2014 - 08:37:12 | ASH | 4072004 Ko] - C:\hiberfil.sys
[16/04/2012 - 06:19:32 | D] - C:\hp
[05/04/2013 - 11:09:06 | RHD] - C:\MSOCache
[13/02/2014 - 08:37:14 | ASH | 4072004 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[31/01/2014 - 10:04:36 | D] - C:\Program Files
[12/02/2014 - 15:12:05 | D] - C:\Program Files (x86)
[03/02/2014 - 13:42:26 | HD] - C:\ProgramData
[04/04/2013 - 15:24:42 | SHD] - C:\Recovery
[04/04/2013 - 16:28:50 | D] - C:\swsetup
[13/02/2014 - 03:01:54 | SHD] - C:\System Volume Information
[05/04/2013 - 12:39:48 | D] - C:\SYSTEM.SAV
[13/02/2014 - 08:39:33 | D] - C:\UsbFix
[12/02/2014 - 20:13:44 | N | 16 Ko | 0B868B1DC4F39261B7504878556AB345] - C:\UsbFix [Clean 1] GMW-ARO.txt
[13/02/2014 - 09:58:48 | A | 12 Ko | 7281B504EAF81E7B6B022E234539A60F] - C:\UsbFix [Clean 3] GMW-ARO.txt
[10/02/2014 - 22:55:12 | N | 15 Ko | 90023CAF96906DE1975C47D182069822] - C:\UsbFix [Scan 1] GMW-ARO.txt
[10/02/2014 - 23:50:09 | N | 17 Ko | 9952428FED1DB16B3483510867D15460] - C:\UsbFix [Scan 2] GMW-ARO.txt
[13/01/2014 - 13:58:55 | D] - C:\Users
[10/02/2014 - 21:04:52 | D] - C:\Windows
[19/12/2013 - 09:15:42 | D] - D:\Dewez-DeSambre
[06/12/2013 - 10:14:48 | N | 448 Ko] - D:\AFFAIRE_COEME_ET_AUTRES_c._BELGIQUE.pdf
[22/01/2014 - 17:18:04 | N | 367 Ko] - D:\Garabedian.PDF
[22/01/2014 - 17:26:42 | N | 177 Ko] - D:\Parmentier.PDF
[22/01/2014 - 17:37:50 | N | 1359 Ko] - D:\Tiberghien.PDF
[22/01/2014 - 17:40:24 | N | 1004 Ko] - D:\Tiberghien 2.PDF
[22/01/2014 - 17:47:14 | N | 105 Ko] - D:\Droit sociétés 2011 - 1.PDF
[22/01/2014 - 17:49:14 | N | 130 Ko] - D:\Droit sociétés 2011 - 2.PDF
[22/01/2014 - 17:50:00 | N | 234 Ko] - D:\Droit sociétés 2011 - 3.PDF
[22/01/2014 - 17:51:04 | N | 145 Ko] - D:\ACDROSOC_005.pdf
[22/01/2014 - 17:51:40 | N | 157 Ko] - D:\ACDROSOC_006.pdf
[22/01/2014 - 17:52:10 | N | 90 Ko] - D:\ACDROSOC_007.pdf
[22/01/2014 - 17:55:58 | N | 319 Ko] - D:\DRSOCMB_008.pdf
[22/01/2014 - 17:57:36 | N | 86 Ko] - D:\jp droit soc.PDF
[28/01/2014 - 15:54:26 | N | 111 Ko] - D:\1501_428.pdf
[28/01/2014 - 15:54:50 | N | 128 Ko] - D:\1501_429.pdf
[28/01/2014 - 15:55:02 | N | 125 Ko] - D:\1501_430.pdf
[28/01/2014 - 15:55:16 | N | 129 Ko] - D:\1501_431.pdf
[28/01/2014 - 15:55:28 | N | 111 Ko] - D:\1501_432.pdf
[28/01/2014 - 15:55:38 | N | 120 Ko] - D:\1501_433.pdf
[28/01/2014 - 15:55:50 | N | 106 Ko] - D:\1501_434.pdf
[28/01/2014 - 15:55:58 | N | 112 Ko] - D:\1501_435.pdf
[28/01/2014 - 15:56:06 | N | 120 Ko] - D:\1501_436.pdf
[28/01/2014 - 15:56:16 | N | 107 Ko] - D:\1501_437.pdf
[24/11/2013 - 17:26:20 | N | 71538 Ko | 36E4504E76E9AA85E22E7CF9A9F9D86F] - D:\SURVIVAL.vbe
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\AFFAIRE_COEME_ET_AUTRES_c.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Garabedian.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Parmentier.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Tiberghien.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Tiberghien 2.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Droit sociétés 2011 - 1.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Droit sociétés 2011 - 2.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Droit sociétés 2011 - 3.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\ACDROSOC_005.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\ACDROSOC_006.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\ACDROSOC_007.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\DRSOCMB_008.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\jp droit soc.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_428.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_429.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_430.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_431.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_432.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_433.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_434.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_435.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_436.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_437.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Dewez-DeSambre.lnk
[26/02/2013 - 18:52:04 | N | 0 Ko] - E:\HP_Tools
[26/02/2013 - 18:59:36 | SHD] - E:\$RECYCLE.BIN
[26/02/2013 - 19:12:38 | D] - E:\Hewlett-Packard
[05/04/2013 - 14:25:20 | N | 0 Ko] - E:\HP_WSD.dat
[01/07/2013 - 08:29:08 | SHD] - G:\$RECYCLE.BIN
[04/04/2013 - 15:24:43 | ASHD] - G:\boot
[21/11/2010 - 04:23:51 | ASH | 375 Ko] - G:\bootmgr
[27/02/2013 - 05:06:16 | N | 0 Ko] - G:\HP_WINRE
[05/04/2013 - 13:25:18 | N | 0 Ko] - G:\HP_WSD.dat
[04/04/2013 - 15:24:42 | ASHD] - G:\Recovery
[27/02/2013 - 05:42:01 | SHD] - G:\System Volume Information
[27/02/2013 - 05:06:16 | D] - G:\system.sav
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\DRSOCMB_008.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\jp droit soc.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_428.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_429.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_430.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_431.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_432.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_433.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_434.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_435.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_436.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\1501_437.lnk
[13/02/2014 - 09:58:36 | N | 1 Ko] - D:\Dewez-DeSambre.lnk
[26/02/2013 - 18:52:04 | N | 0 Ko] - E:\HP_Tools
[26/02/2013 - 18:59:36 | SHD] - E:\$RECYCLE.BIN
[26/02/2013 - 19:12:38 | D] - E:\Hewlett-Packard
[05/04/2013 - 14:25:20 | N | 0 Ko] - E:\HP_WSD.dat
[01/07/2013 - 08:29:08 | SHD] - G:\$RECYCLE.BIN
[04/04/2013 - 15:24:43 | ASHD] - G:\boot
[21/11/2010 - 04:23:51 | ASH | 375 Ko] - G:\bootmgr
[27/02/2013 - 05:06:16 | N | 0 Ko] - G:\HP_WINRE
[05/04/2013 - 13:25:18 | N | 0 Ko] - G:\HP_WSD.dat
[04/04/2013 - 15:24:42 | ASHD] - G:\Recovery
[27/02/2013 - 05:42:01 | SHD] - G:\System Volume Information
[27/02/2013 - 05:06:16 | D] - G:\system.sav
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |
Hello,
I have the same virus problem. I ran a removal with UsbFix; here is the report I got:
The virus is still there. What should I do, please?
############################## | UsbFix V 7.164 | [Suppression]
Utilisateur: Z-Siham (Administrateur) # Z-SIHAM-HP
Mis à jour le05/02/2014 par El Desaparecido - Team SosVirus
Lancé à 18:37:48 | 22/02/2014
Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: Hewlett-Packard (1475)
CPU: AMD V160 Processor
RAM -> [Total : 1786 Mo| Free : 648 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Google Chrome : 32.0.1700.107
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton Internet Security [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Norton Internet Security [Enabled | Updated]
FW: Norton Internet Security [Enabled]
FW: Windows FireWall [(!) Disabled]
C:\ (%systemdrive%) -> Disque fixe # 216 Go (159 Go libre(s) - 74%) [] # NTFS
E:\ -> Disque fixe # 2 Go (2 Go libre(s) - 100%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
################## | Processus Actif |
C:\windows\system32\csrss.exe (ID: 360 |ParentID: 352)
C:\windows\system32\wininit.exe (ID: 428 |ParentID: 352)
C:\windows\system32\csrss.exe (ID: 440 |ParentID: 420)
C:\windows\system32\services.exe (ID: 488 |ParentID: 428)
C:\windows\system32\lsass.exe (ID: 500 |ParentID: 428)
C:\windows\system32\lsm.exe (ID: 508 |ParentID: 428)
C:\windows\system32\winlogon.exe (ID: 536 |ParentID: 420)
C:\windows\system32\svchost.exe (ID: 660 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 736 |ParentID: 488)
C:\windows\system32\atiesrxx.exe (ID: 816 |ParentID: 488)
C:\windows\System32\svchost.exe (ID: 864 |ParentID: 488)
C:\windows\System32\svchost.exe (ID: 900 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 928 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 960 |ParentID: 488)
C:\Program Files\IDT\WDM\STacSV64.exe (ID: 984 |ParentID: 488)
C:\windows\system32\atieclxx.exe (ID: 1148 |ParentID: 816)
C:\windows\system32\WLANExt.exe (ID: 1264 |ParentID: 900)
C:\windows\system32\conhost.exe (ID: 1272 |ParentID: 360)
C:\windows\system32\svchost.exe (ID: 1328 |ParentID: 488)
C:\windows\System32\spoolsv.exe (ID: 1428 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 1468 |ParentID: 488)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID: 1552 |ParentID: 488)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1596 |ParentID: 488)
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 1668 |ParentID: 488)
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (ID: 1716 |ParentID: 488)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID: 1744 |ParentID: 488)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 1780 |ParentID: 488)
C:\Program Files (x86)\PDF Complete\pdfsvc.exe (ID: 1860 |ParentID: 488)
C:\windows\system32\taskhost.exe (ID: 1936 |ParentID: 488)
C:\windows\system32\Dwm.exe (ID: 2000 |ParentID: 900)
C:\windows\Explorer.EXE (ID: 2024 |ParentID: 1984)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ID: 1128 |ParentID: 488)
C:\windows\system32\runonce.exe (ID: 1404 |ParentID: 2024)
C:\windows\system32\taskeng.exe (ID: 2084 |ParentID: 960)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2396 |ParentID: 488)
C:\Program Files (x86)\Skype\Updater\Updater.exe (ID: 2452 |ParentID: 488)
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (ID: 2488 |ParentID: 1780)
C:\windows\system32\svchost.exe (ID: 2528 |ParentID: 488)
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (ID: 2560 |ParentID: 488)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2636 |ParentID: 488)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2712 |ParentID: 488)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2912 |ParentID: 2636)
C:\windows\system32\wbem\unsecapp.exe (ID: 2168 |ParentID: 660)
C:\windows\system32\wbem\wmiprvse.exe (ID: 1880 |ParentID: 660)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 352 |ParentID: 488)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 3216 |ParentID: 488)
C:\windows\system32\SearchIndexer.exe (ID: 3488 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 3540 |ParentID: 488)
C:\windows\system32\svchost.exe (ID: 3608 |ParentID: 488)
C:\windows\system32\SearchProtocolHost.exe (ID: 3792 |ParentID: 3488)
C:\windows\system32\SearchFilterHost.exe (ID: 3812 |ParentID: 3488)
C:\windows\system32\svchost.exe (ID: 3940 |ParentID: 488)
C:\windows\system32\wbem\wmiprvse.exe (ID: 2524 |ParentID: 660)
################## | Regedit Run |
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
04 - HKCU\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKCU\..\Run : [Google Update] "C:\Users\Z-Siham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
04 - HKLM\..\Run : [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
04 - HKLM\..\Run : [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [fst_fr_80]
04 - HKLM\..\RunOnce : [Discount Dragon-repairJob] wscript.exe "C:\Users\Z-Siham\AppData\Local\Discount Dragon\repair.js" "Discount Dragon-repairJob"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
04 - HKLM64\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3543504832-3052415561-382366905-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
04 - HKU\S-1-5-21-3543504832-3052415561-382366905-1000\..\Run : [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-3543504832-3052415561-382366905-1000\..\Run : [Google Update] "C:\Users\Z-Siham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3543504832-3052415561-382366905-1000\..\Run : [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
################## | Recherche générique |
Supprimé! C:\Users\Z-Siham\AppData\Local\nsb2AB4.tmp
Supprimé! C:\Users\Z-Siham\AppData\Local\nsb4C76.tmp
Supprimé! C:\Users\Z-Siham\AppData\Local\nsjBAB2.tmp
(!) Fichiers temporaires supprimés.
################## | Registre |
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Réparé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
################## | Listing |
[14/12/2013 - 20:05:16 | SHD] - C:\$Recycle.Bin
[30/12/2013 - 23:30:48 | D] - C:\8baee6af4e142dfe41e6d584
[30/12/2013 - 00:11:07 | D] - C:\a64d1854d5d849f28733146b333a07
[27/07/2009 - 16:04:41 | SHD] - C:\boot
[14/07/2009 - 02:38:58 | RASH | 375 Ko] - C:\bootmgr
[17/02/2014 - 22:39:39 | D] - C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[08/12/2010 - 22:40:39 | D] - C:\EFI
[17/02/2014 - 20:49:15 | N | 0 Ko] - C:\END
[22/02/2014 - 18:36:38 | ASH | 1828416 Ko] - C:\hiberfil.sys
[09/12/2010 - 00:35:50 | D] - C:\hp
[09/01/2014 - 14:39:13 | RHD] - C:\MSOCache
[22/02/2014 - 18:36:39 | ASH | 1828416 Ko] - C:\pagefile.sys
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[17/02/2014 - 22:17:52 | D] - C:\Program Files
[17/02/2014 - 22:35:52 | D] - C:\Program Files (x86)
[17/02/2014 - 22:33:52 | HD] - C:\ProgramData
[17/02/2014 - 13:27:42 | D] - C:\swsetup
[22/02/2014 - 18:37:22 | SHD] - C:\System Volume Information
[14/12/2013 - 18:26:08 | D] - C:\SYSTEM.SAV
[19/10/2009 - 23:43:50 | A | 46 Ko] - C:\Thumbs.db
[22/02/2014 - 18:33:39 | D] - C:\UsbFix
[22/02/2014 - 18:39:11 | A | 9 Ko | 4E21C31E4570B76E7B17C7A15298EA05] - C:\UsbFix [Clean 2] Z-SIHAM-HP.txt
[22/02/2014 - 18:32:31 | N | 9 Ko | D2046D52DD6B980DD28567C878C87BF6] - C:\UsbFix [Scan 1] Z-SIHAM-HP.txt
[14/12/2013 - 18:12:37 | D] - C:\Users
[20/02/2014 - 10:57:02 | D] - C:\Windows
[08/12/2010 - 23:46:26 | SHD] - E:\$RECYCLE.BIN
[13/01/2014 - 08:42:08 | D] - E:\Hewlett-Packard
[08/12/2010 - 23:26:42 | N | 0 Ko] - E:\HP_Tools
[06/01/2014 - 16:29:34 | N | 0 Ko] - E:\HP_WSD.dat
################## | Vaccin |
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net/ - http://www.sosvirus.net |