- Mon. 7 Oct. 2013 18:41
#10544
Hello!
I have just scanned my PC with UsbFix and here is the report I obtained.
I did this after the possible infection of my son's laptop, reported by one of his teachers (he has a computer for middle school). We work on a home network and with many transfers by USB stick.
Can you help me and tell me what I should do?
Thanks in advance!
Claude
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe (ID 4568 |ParentID 4504)
C:\Program Files (x86)\SFR\Media Center\httpd\httpd.exe (ID 3488 |ParentID 5060)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4580 |ParentID 4504)
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (ID 1824 |ParentID 4784)
C:\Windows\splwow64.exe (ID 4792 |ParentID 4696)
C:\Windows\system32\DllHost.exe (ID 5780 |ParentID 836)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2824 |ParentID 4672)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 1188 |ParentID 692)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 4524 |ParentID 692)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 728 |ParentID 2824)
C:\Windows\System32\svchost.exe (ID 6268 |ParentID 692)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 6628 |ParentID 692)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 6728 |ParentID 692)
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (ID 6564 |ParentID 692)
C:\Windows\system32\svchost.exe (ID 6056 |ParentID 692)
C:\Windows\SysWOW64\ctfmon.exe (ID 4812 |ParentID 5076)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5152 |ParentID 3992)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5432 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4828 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5436 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7004 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6164 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3476 |ParentID 5152)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 5284 |ParentID 5152)
C:\Windows\system32\taskeng.exe (ID 4640 |ParentID 1032)
C:\UsbFix\Go.exe (ID 1168 |ParentID 6064)
C:\Windows\system32\wbem\wmiprvse.exe (ID 7008 |ParentID 836)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM\SOFTWARE | Run : [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
HKLM\SOFTWARE | Run : [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Philips Device Listener] - "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [HP Remote Solution] - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM\SOFTWARE\wow6432Node | Run : [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
HKLM\SOFTWARE\wow6432Node | Run : [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Philips Device Listener] - "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2623241934-2541892438-1868412625-1001\SOFTWARE | Run : [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
HKU\S-1-5-21-2623241934-2541892438-1868412625-1001\SOFTWARE | Run : [Connexion SFR 9props.exe] - "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
HKU\S-1-5-21-2623241934-2541892438-1868412625-1001\SOFTWARE | Run : [Neuf Media Center] - "C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe"
HKU\S-1-5-21-2623241934-2541892438-1868412625-1001\SOFTWARE | Run : [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Éléments infectieux |
Présent! C:\Users\Claude\AppData\Local\Temp\7z920.exe
Présent! L:\setupSNK.exe
Présent! L:\AUTORUN.INF
################## | Registre |
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |