- Thu. 23 Jan. 2014 15:53
#50220
Hello,
Following a problem copying/pasting films and documents onto a USB stick, where they show up as shortcuts, I looked on the internet to find out how to fix it, and I see that I have 3 infected USB sticks, so I downloaded usbFix and followed the instructions. Here is the report:
############################## | UsbFix V 7.161 | [Recherche]
Utilisateur: slim (Administrateur) # SLIM-PC
Mis à jour le 15/01/2014 par El Desaparecido - Team SosVirus
Lancé à 15:41:49 | 23/01/2014
Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/
PC: ASUSTeK Computer Inc. (K50IN )
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
RAM -> [Total : 4095 Mo| Free : 1507 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Mozilla Firefox : 22.0
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 75 Go (25 Go libre(s) - 33%) [OS] # NTFS
D:\ -> Disque fixe # 209 Go (207 Go libre(s) - 99%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 15 Go (15 Go libre(s) - 100%) [SLIM 2] # FAT32
G:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [PURPLE USB] # FAT32
H:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [] # FAT32
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 384 |ParentID: 340)
C:\Windows\system32\wininit.exe (ID: 448 |ParentID: 340)
C:\Windows\system32\csrss.exe (ID: 460 |ParentID: 440)
C:\Windows\system32\services.exe (ID: 508 |ParentID: 448)
C:\Windows\system32\lsass.exe (ID: 516 |ParentID: 448)
C:\Windows\system32\lsm.exe (ID: 524 |ParentID: 448)
C:\Windows\system32\winlogon.exe (ID: 608 |ParentID: 440)
C:\Windows\system32\svchost.exe (ID: 684 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 768 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 832 |ParentID: 508)
C:\Windows\System32\svchost.exe (ID: 900 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1112 |ParentID: 508)
C:\Windows\system32\FBAgent.exe (ID: 1192 |ParentID: 508)
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ID: 1212 |ParentID: 508)
C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ID: 1256 |ParentID: 508)
C:\Windows\System32\spoolsv.exe (ID: 1356 |ParentID: 508)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ID: 1400 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1420 |ParentID: 508)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1564 |ParentID: 508)
C:\Windows\SysWOW64\svchost.exe (ID: 1596 |ParentID: 508)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ID: 1620 |ParentID: 508)
C:\Windows\system32\crypserv.exe (ID: 1648 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1720 |ParentID: 508)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID: 1852 |ParentID: 508)
C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe (ID: 1928 |ParentID: 508)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 508)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ID: 2492 |ParentID: 1620)
C:\Windows\System32\svchost.exe (ID: 2120 |ParentID: 508)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2064 |ParentID: 508)
C:\Windows\system32\SearchIndexer.exe (ID: 2768 |ParentID: 508)
C:\Windows\system32\taskhost.exe (ID: 2240 |ParentID: 508)
C:\Windows\system32\Dwm.exe (ID: 464 |ParentID: 900)
C:\Windows\Explorer.EXE (ID: 2640 |ParentID: 1072)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ID: 3008 |ParentID: 1212)
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (ID: 1820 |ParentID: 3008)
C:\Windows\system32\taskeng.exe (ID: 2940 |ParentID: 972)
C:\Program Files\P4G\BatteryLife.exe (ID: 1012 |ParentID: 2940)
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ID: 1840 |ParentID: 2940)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 1508 |ParentID: 2940)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ID: 968 |ParentID: 2940)
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ID: 2676 |ParentID: 3008)
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ID: 2756 |ParentID: 3008)
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ID: 244 |ParentID: 3008)
C:\Windows\SysWOW64\ACEngSvr.exe (ID: 1808 |ParentID: 684)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 3432 |ParentID: 2640)
C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID: 3456 |ParentID: 2640)
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (ID: 3520 |ParentID: 2640)
C:\Windows\System32\wscript.exe (ID: 3556 |ParentID: 2640)
C:\Users\slim\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 3624 |ParentID: 2640)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ID: 3876 |ParentID: 3692)
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ID: 3884 |ParentID: 3692)
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ID: 3892 |ParentID: 3692)
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ID: 3916 |ParentID: 3692)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ID: 4060 |ParentID: 3692)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 1772 |ParentID: 3692)
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ID: 380 |ParentID: 508)
C:\Users\slim\AppData\Local\Akamai\netsession_win.exe (ID: 852 |ParentID: 1192)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 1200 |ParentID: 2924)
C:\Users\slim\AppData\Local\Akamai\netsession_win.exe (ID: 2216 |ParentID: 852)
C:\Program Files (x86)\Samsung\Kies\Kies.exe (ID: 3804 |ParentID: 1192)
C:\Windows\system32\nvvsvc.exe (ID: 2648 |ParentID: 508)
C:\Windows\system32\nvvsvc.exe (ID: 1744 |ParentID: 2648)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID: 4304 |ParentID: 1192)
C:\Windows\AsScrPro.exe (ID: 4616 |ParentID: 1192)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 4656 |ParentID: 1192)
C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ID: 4712 |ParentID: 1192)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 5100 |ParentID: 1192)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 5740 |ParentID: 508)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4204 |ParentID: 684)
C:\Windows\System32\WUDFHost.exe (ID: 5800 |ParentID: 900)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5468 |ParentID: 2640)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5028 |ParentID: 5468)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2440 |ParentID: 5468)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3332 |ParentID: 5468)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 284 |ParentID: 5468)
C:\Users\slim\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4936 |ParentID: 5468)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2208 |ParentID: 2768)
C:\Windows\system32\SearchFilterHost.exe (ID: 5644 |ParentID: 2768)
################## | Regedit Run |
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKLM64\..\Run : [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
04 - HKLM64\..\Run : [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
04 - HKLM64\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [iTunesHelper] wscript.exe //B "C:\Users\slim\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [cacaoweb] "C:\Users\slim\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [MusicManager] "C:\Users\slim\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\..\Run : [uTorrent] "C:\Users\slim\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [{90120000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
################## | Recherche générique |
Présent! C:\Users\slim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Présent! C:\Users\slim\AppData\Local\Temp\iTunesHelper.vbe
Présent! F:\iTunesHelper.vbe
Présent! G:\iTunesHelper.vbe
Présent! H:\iTunesHelper.vbe
################## | Registre |
Présent! HKU\S-1-5-21-3283546346-2024479895-1480849489-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
################## | Vaccin |
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |