- Sat. 9 Nov. 2013 22:46
#15650
Good evening,
I have a small problem with my USB stick and I don't know what to do ...
in fact all the folders on my USB stick are turning into shortcuts
could you help me please?
here is the latest report
############################## | UsbFix V 7.149 | [Recherche]
Utilisateur: poe (Administrateur) # POUPOUILLE
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 22:35:40 | 09/11/2013
Site Web: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/
PC: Hewlett-Packard (3387)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3579 | Free : 2018]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 445 Go (325 Go libre(s) - 73%) [] # NTFS
D:\ -> Disque fixe # 17 Go (2 Go libre(s) - 11%) [Recovery] # NTFS
E:\ -> Disque fixe # 4 Go (1 Go libre(s) - 28%) [HP_TOOLS] # FAT32
F:\ -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [FLASH DRIVE] # FAT32
################## | Référence de comparaison MD5 |
Md5 : 9a193f949004f78f28193859be75f13b -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Md5 : DENIED -> C:\Users\poe\AppData\Local\Temp\Activator.vbs
Md5 : DENIED -> C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Md5 : 885e9eb42889ca547f4e3515dcde5d3d -> C:\Users\poe\AppData\Local\Temp\7za.exe
Md5 : 3b802f9c6dc2c19dbbd55e92ae3c7f33 -> C:\Users\poe\AppData\Local\Temp\Trojan.exe
Md5 : 9a193f949004f78f28193859be75f13b -> F:\Activator.vbs
################## | Processus Actif |
C:\Windows\system32\csrss.exe (ID: 400 |ParentID: 368)
C:\Windows\system32\wininit.exe (ID: 512 |ParentID: 368)
C:\Windows\system32\csrss.exe (ID: 520 |ParentID: 504)
C:\Windows\system32\services.exe (ID: 564 |ParentID: 512)
C:\Windows\system32\lsass.exe (ID: 572 |ParentID: 512)
C:\Windows\system32\lsm.exe (ID: 580 |ParentID: 512)
C:\Windows\system32\svchost.exe (ID: 696 |ParentID: 564)
C:\Windows\system32\winlogon.exe (ID: 764 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 824 |ParentID: 564)
C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 952 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1028 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1088 |ParentID: 564)
C:\Program Files\IDT\WDM\STacSV.exe (ID: 1140 |ParentID: 564)
C:\Windows\system32\Hpservice.exe (ID: 1392 |ParentID: 564)
C:\Windows\system32\atieclxx.exe (ID: 1416 |ParentID: 880)
C:\Windows\system32\svchost.exe (ID: 1464 |ParentID: 564)
C:\Windows\system32\WLANExt.exe (ID: 1600 |ParentID: 1004)
C:\Windows\system32\conhost.exe (ID: 1612 |ParentID: 400)
C:\Windows\System32\spoolsv.exe (ID: 1696 |ParentID: 564)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1736 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1768 |ParentID: 564)
C:\Windows\system32\taskhost.exe (ID: 1984 |ParentID: 564)
C:\Windows\system32\Dwm.exe (ID: 1992 |ParentID: 1004)
C:\Windows\Explorer.EXE (ID: 2016 |ParentID: 1968)
C:\Program Files\IDT\WDM\aestsrv.exe (ID: 1328 |ParentID: 564)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1452 |ParentID: 564)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 372 |ParentID: 564)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2116 |ParentID: 564)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2144 |ParentID: 564)
C:\Windows\System32\ezSharedSvcHost.exe (ID: 2212 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 2264 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (ID: 2308 |ParentID: 564)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2444 |ParentID: 2016)
C:\Program Files\IDT\WDM\sttray.exe (ID: 2496 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (ID: 2512 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (ID: 2576 |ParentID: 2520)
C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe (ID: 2620 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (ID: 2628 |ParentID: 2520)
C:\Windows\system32\taskeng.exe (ID: 2792 |ParentID: 1088)
C:\Program Files\CyberLink\YouCam\YCMMirage.exe (ID: 2828 |ParentID: 2792)
C:\Program Files\Ask.com\Updater\Updater.exe (ID: 2868 |ParentID: 2016)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 3016 |ParentID: 2016)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3024 |ParentID: 2016)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 3032 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (ID: 3040 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (ID: 3048 |ParentID: 2016)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 3064 |ParentID: 2016)
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (ID: 3120 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (ID: 3188 |ParentID: 564)
C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (ID: 3228 |ParentID: 2016)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3532 |ParentID: 2016)
C:\Windows\System32\wscript.exe (ID: 3540 |ParentID: 2016)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3548 |ParentID: 2016)
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 3592 |ParentID: 564)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3868 |ParentID: 564)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 3956 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 4072 |ParentID: 564)
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (ID: 2108 |ParentID: 3592)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2176 |ParentID: 564)
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2732 |ParentID: 564)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4184 |ParentID: 696)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 4204 |ParentID: 2176)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 4660 |ParentID: 2408)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 4856 |ParentID: 1452)
C:\Windows\system32\conhost.exe (ID: 4888 |ParentID: 400)
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4936 |ParentID: 564)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 5068 |ParentID: 4660)
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (ID: 5408 |ParentID: 564)
C:\Windows\system32\SearchIndexer.exe (ID: 5596 |ParentID: 564)
C:\Program Files\iPod\bin\iPodService.exe (ID: 6112 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 4132 |ParentID: 564)
C:\Windows\system32\svchost.exe (ID: 1332 |ParentID: 564)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 6084 |ParentID: 2856)
C:\Windows\system32\msiexec.exe (ID: 1944 |ParentID: 564)
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID: 7860 |ParentID: 564)
C:\Windows\System32\svchost.exe (ID: 8140 |ParentID: 564)
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 8188 |ParentID: 564)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 112 |ParentID: 564)
C:\Windows\System32\WUDFHost.exe (ID: 672 |ParentID: 1004)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 5460 |ParentID: 696)
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (ID: 3260 |ParentID: 3548)
C:\Windows\system32\taskhost.exe (ID: 6620 |ParentID: 564)
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe (ID: 7888 |ParentID: 564)
C:\Users\poe\AppData\Local\Temp\Trojan.exe (ID: 6412 |ParentID: 4612)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 8380 |ParentID: 696)
C:\Windows\system32\svchost.exe (ID: 10032 |ParentID: 564)
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe (ID: 8296 |ParentID: 8688)
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (ID: 9864 |ParentID: 8296)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 2596 |ParentID: 564)
C:\Windows\system32\wuauclt.exe (ID: 628 |ParentID: 1088)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8396 |ParentID: 2016)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1560 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6076 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7728 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8620 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 9084 |ParentID: 8396)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7896 |ParentID: 8396)
C:\UsbFix\Go.exe (ID: 7484 |ParentID: 10132)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\SOFTWARE | Run : [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\SOFTWARE | Run : [HPQuickWebProxy] - "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
04 - HKLM\SOFTWARE | Run : [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [HP CoolSense] - C:\Program Files\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
04 - HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files\EasyBits For Kids\ezRecover.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
04 - HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
04 - HKLM\SOFTWARE | Run : [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE | RunOnce : [NCPluginUpdater] - "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify] - "C:\Users\poe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\poe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [Activator] - wscript.exe //B "C:\Users\poe\AppData\Local\Temp\Activator.vbs"
04 - HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\SOFTWARE | Run : [5cd8f17f4086744065eb0992a09e05a2] - "C:\Users\poe\AppData\Local\Temp\Trojan.exe" ..
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Recherche générique |
Présent! C:\Users\poe\AppData\Roaming\BabMaint.exe
Présent! C:\Users\poe\AppData\Local\Temp\Activator.vbs
Présent! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
Présent! C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Présent! F:\Activator.vbs
Présent! F:\Curriculum Vitae france.lnk
Présent! F:\Partie 1_chap2.lnk
Présent! F:\Partie1_chap3.lnk
Présent! F:\Partie 1_chap1.lnk
Présent! F:\liste des éléments.lnk
Présent! F:\Résumé 2011.lnk
Présent! F:\Thumbs.lnk
Présent! F:\desktop.lnk
Présent! F:\Â .lnk
Présent! F:\xxx.lnk
Présent! F:\autorun.lnk
Présent! F:\4#QVILEZJNBGT.lnk
Présent! C:\Users\poe\AppData\Local\Temp\Trojan.exe.tmp
Présent! C:\Users\poe\AppData\Local\Temp\Lanceur.vbs
Présent! C:\Users\poe\AppData\Local\Temp\7za.exe
Présent! C:\Users\poe\AppData\Local\Temp\Trojan.exe
Présent! D:\desktop.ini
Présent! F:\4#QVILEZJNBGT.ini
Présent! F:\autorun.inf
Présent! F:\desktop.ini
################## | Comparaison MD5 |
Présent! Md5 : 885E9EB42889CA547F4E3515DCDE5D3D -> C:\Users\poe\AppData\Local\Temp\7za.exe
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Local\Temp\Activator.vbs
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Local\Temp\Trojan.exe
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Local\Temp\xp.exe
Présent! Md5 : 3B802F9C6DC2C19DBBD55E92AE3C7F33 -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> C:\Users\poe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Présent! Md5 : 9A193F949004F78F28193859BE75F13B -> F:\Activator.vbs
################## | Registre |
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Activator
Présent! HKU\S-1-5-21-1393359087-3183399950-3005852446-1001\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |