by ALaure
#10916
Hello,
Not knowing what to do with this information, and since my problem persists (USB stick creating shortcuts), I am turning to you to ask for help, please!
Thank you in advance :)


1- Scan report
############################## | UsbFix V 7.144 | [Scan]

User: Anne-Laure (Administrator) # ANNE-LAURE-PC
Updated on 08/10/2013 by El Desaparecido - Team SosVirus
Launched at 06:25:32 | 11/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Hewlett-Packard (1426)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3958 | Free : 1807]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 453 GB (85 GB free - 19%) [] # NTFS
D:\ -> Fixed disk # 13 GB (2 GB free - 16%) [RECOVERY] # NTFS
E:\ -> Fixed disk # 99 MB (95 MB free - 96%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Removable disk # 249 MB (227 MB free - 91%) [] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 452 |ParentID 444)
C:\Windows\system32\wininit.exe (ID 504 |ParentID 444)
C:\Windows\system32\csrss.exe (ID 528 |ParentID 516)
C:\Windows\system32\services.exe (ID 572 |ParentID 504)
C:\Windows\system32\winlogon.exe (ID 604 |ParentID 516)
C:\Windows\system32\lsass.exe (ID 632 |ParentID 504)
C:\Windows\system32\lsm.exe (ID 640 |ParentID 504)
C:\Windows\system32\svchost.exe (ID 744 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 824 |ParentID 572)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 888 |ParentID 572)
C:\Windows\system32\atiesrxx.exe (ID 980 |ParentID 572)
C:\Windows\System32\svchost.exe (ID 120 |ParentID 572)
C:\Windows\System32\svchost.exe (ID 168 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 416 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 760 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 1092 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 1284 |ParentID 572)
C:\Windows\System32\spoolsv.exe (ID 1456 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 1484 |ParentID 572)
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID 1668 |ParentID 572)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1692 |ParentID 572)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1716 |ParentID 572)
C:\Windows\SysWOW64\svchost.exe (ID 1756 |ParentID 572)
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID 1804 |ParentID 572)
C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe (ID 1856 |ParentID 572)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID 1880 |ParentID 572)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1904 |ParentID 572)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID 1952 |ParentID 572)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID 1988 |ParentID 572)
C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe (ID 1052 |ParentID 572)
C:\Windows\system32\svchost.exe (ID 1632 |ParentID 572)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2120 |ParentID 572)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2380 |ParentID 2120)
c:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2564 |ParentID 572)
C:\Windows\system32\SearchIndexer.exe (ID 2752 |ParentID 572)
C:\Windows\system32\atieclxx.exe (ID 3020 |ParentID 980)
C:\Windows\system32\svchost.exe (ID 2984 |ParentID 572)
C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe (ID 1712 |ParentID 1856)
C:\Windows\system32\conhost.exe (ID 1944 |ParentID 452)
C:\Windows\system32\svchost.exe (ID 2844 |ParentID 572)
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 1168 |ParentID 572)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2944 |ParentID 572)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2360 |ParentID 572)
C:\Windows\system32\taskhost.exe (ID 3640 |ParentID 572)
C:\Windows\system32\Dwm.exe (ID 724 |ParentID 168)
C:\Windows\Explorer.EXE (ID 1624 |ParentID 4004)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 1148 |ParentID 1624)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID 3248 |ParentID 1624)
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (ID 3488 |ParentID 1624)
C:\Program Files\Java\jre6\bin\jusched.exe (ID 3924 |ParentID 1624)
C:\Program Files\Microsoft Security Client\msseces.exe (ID 1784 |ParentID 1624)
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID 2108 |ParentID 1624)
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (ID 3748 |ParentID 1624)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 3552 |ParentID 1624)
C:\Windows\System32\StikyNot.exe (ID 692 |ParentID 1624)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 1140 |ParentID 3224)
C:\Users\Anne-Laure\AppData\Roaming\cacaoweb\cacaoweb.exe (ID 3252 |ParentID 1624)
C:\Windows\System32\wscript.exe (ID 992 |ParentID 1624)
C:\Users\Anne-Laure\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 3392 |ParentID 1624)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4136 |ParentID 744)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID 4256 |ParentID 3120)
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID 4272 |ParentID 3120)
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID 4284 |ParentID 3120)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 4356 |ParentID 3120)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4364 |ParentID 3120)
C:\Windows\System32\svchost.exe (ID 4824 |ParentID 572)
C:\Windows\SysWOW64\explorer.exe (ID 4840 |ParentID 4404)
C:\Program Files\iPod\bin\iPodService.exe (ID 4916 |ParentID 572)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 3184 |ParentID 572)
C:\Users\Public\Intel(R)Bl.exe (ID 3912 |ParentID 4404)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4596 |ParentID 744)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID 5244 |ParentID 572)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 5512 |ParentID 572)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (ID 5596 |ParentID 744)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (ID 5632 |ParentID 5596)
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID 6140 |ParentID 1624)
C:\Windows\SysWOW64\mshta.exe (ID 5004 |ParentID 1624)
C:\Windows\SysWOW64\mshta.exe (ID 5020 |ParentID 1624)
C:\Windows\system32\svchost.exe (ID 2808 |ParentID 572)
C:\Windows\SysWOW64\WScript.exe (ID 6024 |ParentID 5004)
C:\Windows\system32\DllHost.exe (ID 5060 |ParentID 744)
C:\Windows\SysWOW64\WScript.exe (ID 5296 |ParentID 5020)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5884 |ParentID 4172)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 6092 |ParentID 5884)
C:\Windows\System32\WUDFHost.exe (ID 4812 |ParentID 168)
C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID 5808 |ParentID 1624)
C:\Windows\system32\svchost.exe (ID 4944 |ParentID 572)
C:\UsbFix\Go.exe (ID 4108 |ParentID 3624)
C:\Windows\system32\DllHost.exe (ID 3492 |ParentID 744)
C:\Users\Public\Intel(R)Pl5.exe (ID 6864 |ParentID 6024)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Anne-Laure\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Anne-Laure\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [bEWm2wMR] - wscript.exe //B "C:\Users\ANNE-L~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Intel(R)Bl4] - C:\Users\Public\Intel(R)Bl.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

################## | Infectious items |

Present! G:\bEWm2wMR.vbs
Present! C:\Users\ANNE-L~1\AppData\Local\Temp\bEWm2wMR.vbs
Present! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bEWm2wMR.vbs
Present! C:\Users\Anne-Laure\AppData\Roaming\0C2191E4\ak.tmp
Present! C:\Users\Anne-Laure\AppData\Roaming\0C2191E4
Present! G:\M1.lnk
Present! G:\Nouveau dossier.lnk
Present! G:\System Volume Information.lnk
Present! C:\Users\Public\9eizmmD.vbe
Present! C:\Users\Public\9stziemD.VBE
Present! C:\Users\Public\Intel(R)Bl.exe
Present! C:\Users\Public\Intel(R)Pl5.exe
Present! C:\Users\Anne-Laure\AppData\Roaming\Anne-Laure-wchelper.dll
Present! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iz710bclD.lnk
Present! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Bl.exe
Present! C:\Users\ANNE-L~1\AppData\Local\Temp\Anne-Laure7
Present! C:\Users\ANNE-L~1\AppData\Local\Temp\Anne-Laure8
Present! C:\Users\ANNE-L~1\AppData\Local\Temp\vf01.hta
Present! C:\Users\ANNE-L~1\AppData\Local\Temp\yh.hta
Present! C:\Users\Anne-Laure\AppData\Local\Temp\bEWm2wMR.vbs

################## | Registry |

Present! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Present! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\autorunner.exe "contenu cle\votrekitsecu.htm"

HKCU\.\.\.\.\Explorer\MountPoints2\{1318bacc-aba8-11e1-9e7f-c80aa945e5a8}
Shell\AutoRun\Command = H:\autorunner.exe "contenu cle\votrekitsecu.htm"

HKCU\.\.\.\.\Explorer\MountPoints2\{7abb6f41-cf8b-11df-8fd2-c80aa945e5a8}
Shell\AutoRun\Command = G:\Memorybar.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c8d82aa1-23ff-11e1-8c84-c80aa945e5a8}
Shell\AutoRun\Command = G:\autorunner.exe "contenu cle\votrekitsecu.htm"



################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
2- Removal report
############################## | UsbFix V 7.144 | [Removal]

User: Anne-Laure (Administrator) # ANNE-LAURE-PC
Updated on 08/10/2013 by El Desaparecido - Team SosVirus
Launched at 06:31:40 | 11/10/2013

Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Hewlett-Packard (1426)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3958 | Free : 1768]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 453 GB (85 GB free - 19%) [] # NTFS
D:\ -> Fixed disk # 13 GB (2 GB free - 16%) [RECOVERY] # NTFS
E:\ -> Fixed disk # 99 MB (95 MB free - 96%) [HP_TOOLS] # FAT32
F:\ -> CD-ROM
G:\ -> Removable disk # 249 MB (226 MB free - 91%) [] # NTFS

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Anne-Laure\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Anne-Laure\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [bEWm2wMR] - wscript.exe //B "C:\Users\ANNE-L~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-21-1206609475-1614017735-952486975-1000\SOFTWARE | Run : [Intel(R)Bl4] - C:\Users\Public\Intel(R)Bl.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

################## | Stopped Processes |

Stopped! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 888 |ParentID 572)
Stopped! C:\Windows\system32\atiesrxx.exe (ID 980 |ParentID 572)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1456 |ParentID 572)
Stopped! C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (ID 1668 |ParentID 572)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1692 |ParentID 572)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 1716 |ParentID 572)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID 1804 |ParentID 572)
Stopped! C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe (ID 1856 |ParentID 572)
Stopped! C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID 1880 |ParentID 572)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1904 |ParentID 572)
Stopped! C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID 1952 |ParentID 572)
Stopped! C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (ID 1988 |ParentID 572)
Stopped! C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe (ID 1052 |ParentID 572)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2120 |ParentID 572)
Stopped! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID 2564 |ParentID 572)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2752 |ParentID 572)
Stopped! C:\Windows\system32\atieclxx.exe (ID 3020 |ParentID 980)
Stopped! C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe (ID 1712 |ParentID 1856)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 1168 |ParentID 572)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2944 |ParentID 572)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 2360 |ParentID 572)
Stopped! C:\Windows\system32\taskhost.exe (ID 3640 |ParentID 572)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 1148 |ParentID 1624)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID 3248 |ParentID 1624)
Stopped! C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (ID 3488 |ParentID 1624)
Stopped! C:\Program Files\Java\jre6\bin\jusched.exe (ID 3924 |ParentID 1624)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (ID 1784 |ParentID 1624)
Stopped! C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ID 2108 |ParentID 1624)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (ID 3748 |ParentID 1624)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (ID 3552 |ParentID 1624)
Stopped! C:\Windows\System32\StikyNot.exe (ID 692 |ParentID 1624)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 1140 |ParentID 3224)
Stopped! C:\Users\Anne-Laure\AppData\Roaming\cacaoweb\cacaoweb.exe (ID 3252 |ParentID 1624)
Stopped! C:\Windows\System32\wscript.exe (ID 992 |ParentID 1624)
Stopped! C:\Users\Anne-Laure\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 3392 |ParentID 1624)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID 4256 |ParentID 3120)
Stopped! C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID 4272 |ParentID 3120)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID 4284 |ParentID 3120)
Stopped! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 4356 |ParentID 3120)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4364 |ParentID 3120)
Stopped! C:\Windows\SysWOW64\explorer.exe (ID 4840 |ParentID 4404)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID 4916 |ParentID 572)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (ID 3184 |ParentID 572)
Stopped! C:\Users\Public\Intel(R)Bl.exe (ID 3912 |ParentID 4404)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID 5244 |ParentID 572)
Stopped! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 5512 |ParentID 572)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (ID 5596 |ParentID 744)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (ID 5632 |ParentID 5596)
Stopped! C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (ID 6140 |ParentID 1624)
Stopped! C:\Windows\SysWOW64\mshta.exe (ID 5004 |ParentID 1624)
Stopped! C:\Windows\SysWOW64\mshta.exe (ID 5020 |ParentID 1624)
Stopped! C:\Windows\SysWOW64\WScript.exe (ID 6024 |ParentID 5004)
Stopped! C:\Windows\system32\DllHost.exe (ID 5060 |ParentID 744)
Stopped! C:\Windows\SysWOW64\WScript.exe (ID 5296 |ParentID 5020)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 5884 |ParentID 4172)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 6092 |ParentID 5884)
Stopped! C:\Windows\System32\WUDFHost.exe (ID 4812 |ParentID 168)
Stopped! C:\Windows\SysWOW64\NOTEPAD.EXE (ID 7068 |ParentID 4108)
Stopped! C:\Users\Public\Intel(R)Pl5.exe (ID 6476 |ParentID 6440)

################## | Infectious items |

Deleted! G:\bEWm2wMR.vbs
Deleted! C:\Users\ANNE-L~1\AppData\Local\Temp\bEWm2wMR.vbs
Deleted! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bEWm2wMR.vbs
Deleted! C:\Users\Anne-Laure\AppData\Roaming\0C2191E4\ak.tmp
Deleted! C:\Users\Anne-Laure\AppData\Roaming\0C2191E4
Deleted! G:\M1.lnk
Deleted! G:\Nouveau dossier.lnk
Deleted! G:\System Volume Information.lnk
Deleted! C:\Users\Public\9eizmmD.vbe
Deleted! C:\Users\Public\9stziemD.VBE
Deleted! C:\Users\Public\Intel(R)Bl.exe
Deleted! C:\Users\Public\Intel(R)Pl5.exe
Deleted! C:\Users\Anne-Laure\AppData\Roaming\Anne-Laure-wchelper.dll
Deleted! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iz710bclD.lnk
Deleted! C:\Users\Anne-Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)Bl.exe
Deleted! C:\Users\ANNE-L~1\AppData\Local\Temp\Anne-Laure7
Deleted! C:\Users\ANNE-L~1\AppData\Local\Temp\Anne-Laure8
Deleted! C:\Users\ANNE-L~1\AppData\Local\Temp\vf01.hta
Deleted! C:\Users\ANNE-L~1\AppData\Local\Temp\yh.hta

(!) Temporary files deleted.

################## | Registry |

Deleted! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Deleted! HKU\S-1-5-21-1206609475-1614017735-952486975-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\G
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{1318bacc-aba8-11e1-9e7f-c80aa945e5a8}
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{7abb6f41-cf8b-11df-8fd2-c80aa945e5a8}
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{c8d82aa1-23ff-11e1-8c84-c80aa945e5a8}

################## | Listing |

[17/06/2012 - 10:49:57 | SHD ] C:\$Recycle.Bin
[01/12/2012 - 00:24:51 | N | 704793] C:\bdlog.txt
[24/01/2010 - 03:18:08 | SHD ] C:\boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[13/11/2010 - 12:11:57 | D ] C:\Dalloz
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[11/10/2013 - 03:16:22 | ASH | 3112587264] C:\hiberfil.sys
[24/03/2010 - 02:05:19 | D ] C:\HP
[25/02/2013 - 12:55:43 | D ] C:\Kreapixel
[11/10/2013 - 03:16:53 | N | 115] C:\log2.txt
[02/12/2006 - 00:37:14 | N | 904704] C:\msdia80.dll
[23/01/2010 - 15:55:49 | RHD ] C:\MSOCache
[11/10/2013 - 03:16:22 | ASH | 4150116352] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[01/02/2013 - 21:30:18 | D ] C:\Program Files
[11/10/2013 - 06:24:08 | D ] C:\Program Files (x86)
[11/10/2013 - 04:51:02 | HD ] C:\ProgramData
[18/07/2010 - 09:56:33 | SHD ] C:\Recovery
[06/03/2012 - 21:00:09 | D ] C:\SwSetup
[11/10/2013 - 06:14:40 | SHD ] C:\System Volume Information
[18/07/2010 - 09:56:37 | D ] C:\SYSTEM.SAV
[11/10/2013 - 06:33:00 | D ] C:\UsbFix
[11/10/2013 - 06:34:26 | A | 13243] C:\UsbFix [Clean 2] ANNE-LAURE-PC.txt
[11/10/2013 - 06:30:22 | N | 14378] C:\UsbFix [Scan 1] ANNE-LAURE-PC.txt
[27/06/2012 - 21:02:53 | N | 488] C:\user.js
[25/10/2010 - 22:05:05 | RD ] C:\Users
[11/10/2013 - 04:57:56 | D ] C:\Windows
[18/07/2010 - 10:03:29 | SHD ] D:\$RECYCLE.BIN
[18/07/2010 - 10:03:25 | SHD ] D:\boot
[14/07/2009 - 20:39:00 | ASH | 383562] D:\bootmgr
[18/07/2010 - 10:03:25 | N | 0] D:\BT_HP.FLG
[24/03/2010 - 11:40:17 | N | 483] D:\CSP.DAT
[24/03/2010 - 11:48:08 | N | 12036] D:\DeployRp.log
[18/07/2010 - 10:03:25 | D ] D:\hp
[06/03/2012 - 20:44:29 | N | 19] D:\HPSF_Rep.txt
[20/09/2010 - 19:40:39 | N | 8] D:\HP_WSD.dat
[18/07/2010 - 10:03:25 | N | 22] D:\language.ini
[18/07/2010 - 10:03:25 | SHD ] D:\preload
[18/07/2010 - 10:03:25 | SD ] D:\Recovery
[24/03/2010 - 11:48:04 | N | 0] D:\RPCONFIG.LOG
[11/09/2010 - 11:30:20 | SHD ] D:\System Volume Information
[18/07/2010 - 10:03:26 | D ] D:\system.sav
[20/09/2010 - 19:40:40 | N | 8] E:\HP_WSD.dat
[24/03/2010 - 00:50:58 | D ] E:\Hewlett-Packard
[18/07/2010 - 10:03:30 | SHD ] E:\$RECYCLE.BIN
[06/03/2012 - 19:44:30 | N | 19] E:\HPSF_Rep.txt
[11/10/2013 - 05:45:58 | DC ] G:\M1
[11/10/2013 - 05:56:07 | DC ] G:\Nouveau dossier
[11/10/2013 - 06:00:36 | SHD ] G:\System Volume Information

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
