by Evasion60
#17742
:hello: Hello Dicko, and welcome to SoSVirus

Download UsbFix and save it to your desktop
Download page link: https://www.usbfix.net/?wpdmdl=3

Once it is on your desktop, double-click its icon

Then click Run to start the installation, which runs automatically

/!\ Plug in your USB media, without opening them

Searching for infections
Click the " Research " button

Let the tool work
At the end of the scan, a report will be displayed; post it in your next reply on the forum
The report is also saved at the root of the system drive => C:\UsbFix [Scan X].txt
Tutorial in pictures => https://www.sosvirus.net/depannages-informatique/viewtopic.php?f=204&t=3


Removing infections
/!\ If it freezes, temporarily disable the antivirus
or
Restart in Safe Mode with Networking

Click the " Deletion " button

Please copy/paste this report on the forum where you are asking for help
Reminder => Ctrl A to select all, Ctrl C to copy, then Ctrl V to paste the report on the forum
The report is also saved at the root of the system drive => C:\UsbFix [Clean X].txt

Looking forward to reading you with both reports

;)
by dicko
#17749
############################## | UsbFix V 7.147 | [Research]

User: Mr Dicko (Administrator) # FINBOG
Updated 30/10/2013 by El Desaparecido - Team SosVirus
Started at 16:51:18 | 19/11/2013

Website: https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact: https://www.usbfix.net/contact/

PC: Dell Inc. (0U695R)
CPU: Intel Pentium III Xeon processor
RAM -> [Total : 3572 | Free : 1570]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 88 Gb (30 Mb free - 34%) [] # NTFS
D:\ -> Fixed drive # 145 Gb (36 Mb free - 25%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 88%) [BACK DICKO] # FAT

################## | Reference of comparison MD5 |

Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Md5 : DENIED -> C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe
Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> F:\provide.vbe

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID: 888 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 992 |ParentID: 888)
C:\WINDOWS\system32\services.exe (ID: 1036 |ParentID: 992)
C:\WINDOWS\system32\lsass.exe (ID: 1048 |ParentID: 992)
C:\WINDOWS\system32\svchost.exe (ID: 1200 |ParentID: 1036)
C:\WINDOWS\System32\svchost.exe (ID: 1344 |ParentID: 1036)
C:\WINDOWS\System32\WLTRYSVC.EXE (ID: 1772 |ParentID: 1036)
C:\WINDOWS\System32\bcmwltry.exe (ID: 1784 |ParentID: 1772)
C:\WINDOWS\system32\spoolsv.exe (ID: 1872 |ParentID: 1036)
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe (ID: 1912 |ParentID: 1036)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID: 304 |ParentID: 1036)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID: 320 |ParentID: 1036)
C:\SunSystems4\UTILS\srvany.exe (ID: 680 |ParentID: 1036)
C:\SunSystems4\Server\CCITCP2.exe (ID: 700 |ParentID: 680)
d:\Lotus\Notes\SUService.exe (ID: 820 |ParentID: 1036)
d:\Lotus\Notes\nsd.exe (ID: 928 |ParentID: 1036)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe (ID: 1232 |ParentID: 1036)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (ID: 1364 |ParentID: 1036)
C:\WINDOWS\system32\mfevtps.exe (ID: 1452 |ParentID: 1036)
c:\mssql7\binn\sqlservr.exe (ID: 1540 |ParentID: 1036)
d:\Lotus\Notes\ntmulti.exe (ID: 1596 |ParentID: 1036)
C:\WINDOWS\system32\nvsvc32.exe (ID: 1656 |ParentID: 1036)
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 1816 |ParentID: 1036)
C:\SunSystems4\UTILS\srvany.exe (ID: 2056 |ParentID: 1036)
C:\WINDOWS\system32\svchost.exe (ID: 2076 |ParentID: 1036)
C:\SunSystems4\Server\SSMASTER.exe (ID: 2084 |ParentID: 2056)
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (ID: 2152 |ParentID: 1036)
C:\WINDOWS\Explorer.EXE (ID: 2588 |ParentID: 2484)
C:\WINDOWS\system32\WLTRAY.exe (ID: 3240 |ParentID: 2588)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (ID: 3268 |ParentID: 1036)
C:\WINDOWS\system32\rundll32.exe (ID: 3272 |ParentID: 2588)
C:\WINDOWS\system32\RUNDLL32.EXE (ID: 3280 |ParentID: 2588)
C:\Program Files\IDT\WDM\sttray.exe (ID: 3308 |ParentID: 2588)
C:\WINDOWS\system32\AESTFltr.exe (ID: 3376 |ParentID: 2588)
C:\WINDOWS\OA001Mon.exe (ID: 3396 |ParentID: 2588)
C:\Program Files\McAfee\Common Framework\udaterui.exe (ID: 3404 |ParentID: 2588)
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (ID: 3816 |ParentID: 2588)
C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe (ID: 3920 |ParentID: 2588)
C:\Program Files\McAfee\Common Framework\McTray.exe (ID: 4032 |ParentID: 3404)
C:\WINDOWS\system32\wscript.exe (ID: 2008 |ParentID: 2588)
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (ID: 228 |ParentID: 2588)
C:\WINDOWS\system32\ctfmon.exe (ID: 264 |ParentID: 2588)
C:\Program Files\SuperCopier2\SuperCopier2.exe (ID: 288 |ParentID: 2588)
C:\Program Files\Skype\Phone\Skype.exe (ID: 364 |ParentID: 2588)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 840 |ParentID: 2588)
C:\mssql7\Binn\sqlmangr.exe (ID: 1744 |ParentID: 2588)
C:\Program Files\WinZip\WZQKPICK.EXE (ID: 2248 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (ID: 2468 |ParentID: 2588)
C:\WINDOWS\System32\svchost.exe (ID: 1592 |ParentID: 1036)
D:\lotus\notes\NLNOTES.EXE (ID: 3188 |ParentID: 3012)
D:\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe (ID: 3084 |ParentID: 3992)
D:\lotus\notes\ntaskldr.EXE (ID: 2988 |ParentID: 3188)
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (ID: 152 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 2044 |ParentID: 2588)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3388 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3304 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5472 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5548 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4300 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4748 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5092 |ParentID: 2044)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 5352 |ParentID: 2044)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5628 |ParentID: 2588)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 5764 |ParentID: 5628)
C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 4936 |ParentID: 2044)
D:\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\IEOOP.exe (ID: 5620 |ParentID: 1200)
C:\UsbFix\Go.exe (ID: 6512 |ParentID: 3512)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [NVHotkey] - rundll32.exe nvHotkey.dll,Start
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [SysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM\SOFTWARE | Run : [AESTFltr] - %SystemRoot%\system32\AESTFltr.exe /NoDlg
HKLM\SOFTWARE | Run : [OA001Mon] - C:\WINDOWS\OA001Mon.exe
HKLM\SOFTWARE | Run : [McAfeeUpdaterUI] - "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
HKLM\SOFTWARE | Run : [ShStatEXE] - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [My Web Search Bar Search Scope Monitor] - "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
HKLM\SOFTWARE | Run : [MyWebSearch Email Plugin] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM\SOFTWARE | Run : [autodetect] - C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
HKLM\SOFTWARE | Run : [provide] - wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [SRS Premium Sound] - "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [SuperCopier2.exe] - C:\Program Files\SuperCopier2\SuperCopier2.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [MyWebSearch Email Plugin] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Facebook Update] - "C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Badoo Desktop] - C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\Mr Dicko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [provide] - wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"

################## | Generic Research |

Found ! F:\provide.vbe
Found ! C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe
Found ! C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! F:\~$JV JUILET 623-633.lnk
Found ! F:\~$PC14.lnk
Found ! F:\BMW.lnk
Found ! F:\SVJETLA.lnk
Found ! F:\~$CV SEPTEMBRE (51-104).lnk
Found ! F:\CV SEPTEMBRE (51-104).lnk
Found ! F:\~$PC 13.lnk
Found ! F:\~$PC 24.lnk
Found ! F:\~$JV 319-320 MARS.lnk
Found ! F:\PC 24.lnk
Found ! F:\~$PC ALEG.lnk
Found ! F:\~$COMPLEMENT JV MARS.lnk
Found ! F:\~$JV 321 MARS.lnk
Found ! F:\~$Bank Reconciliation Base Boghe JUIN 13.lnk
Found ! F:\PC ALEG.lnk
Found ! F:\~$CPLT JV MARS BASE.lnk
Found ! F:\CV 175.lnk
Found ! F:\~$M197680 LEAP Budget Food Securite Resilience FY'13 New .lnk
Found ! F:\~$DV SEPT BASE.lnk
Found ! F:\PC 06 ALEG.lnk
Found ! F:\JV SEPT 13 BASE.lnk
Found ! F:\~$CV 175.lnk
Found ! F:\~$M184139 Combined Core & Logframe Rep SEPT 12.lnk
Found ! F:\CV SEPTEMBRE 180-196.lnk
Found ! F:\~$PC 20 BASE ET PC 04 ALEG.lnk
Found ! F:\CV SEMPTEMBRE FY 13 (1-50).lnk
Found ! F:\~$FY14 Budget for Strategy Management Advisor.lnk
Found ! F:\~$cv septembre (105-151).lnk
Found ! F:\~$COMPLET CV JUILLET FY13.lnk
Found ! F:\cv septembre (105-151).lnk
Found ! F:\~$cv septembre (154-179).lnk
Found ! F:\cv septembre (154-179).lnk
Found ! F:\~$COMPLT JV SEPT BASE.lnk
Found ! F:\~$CV SALAIRE SEPT FY13.lnk
Found ! F:\~$JV APRIL 2013.lnk
Found ! F:\~$CPLT JV BASE.lnk
Found ! F:\CV SALAIRE SEPT FY13.lnk
Found ! F:\~$Bank Reconciliation Base Boghe AOUT 13.lnk
Found ! F:\Bank Reconciliation Base Boghe AOUT 13.lnk
Found ! F:\~$DV SEPT 13.lnk
Found ! F:\DV SEPT 13.lnk
Found ! F:\~$Consolidated Aging Analysis SEPT 13 (1).lnk
Found ! F:\Consolidated Aging Analysis SEPT 13 (1).lnk
Found ! F:\~$CPLT JV CLOTURE.lnk
Found ! F:\CASH TRANSF.lnk
Found ! F:\~$JV CLOTUR.lnk
Found ! F:\JV SAL AOUT-SEPT 13.lnk
Found ! F:\Scan_Pic0026.lnk
Found ! F:\JV CLOTURE.lnk
Found ! F:\JVB A FAIRE SEPT 13.lnk
Found ! F:\VIREMENT BOGHE SEPT.lnk
Found ! F:\VIREMENT BOGHE SEPT 2013 BNM NKTT FY13 - Copie - Copie.lnk
Found ! F:\~$Bank Reconciliation Base Boghe SEPT 13.lnk
Found ! F:\Bank Reconciliation Base Boghe SEPT 13 Draft.lnk
Found ! F:\Perf Eval Dicko Seidine FY'13.lnk
Found ! F:\FORM Fixed Asset Compte 811 Dar El Barka FY.lnk
Found ! F:\ACPT LISTING FIXED ASSETS OCT- SEPT 13.lnk
Found ! F:\~$FORM Fixed Asset Compte 811.lnk
Found ! F:\FORM Fixed Asset Compte 811.lnk
Found ! F:\FORM Fixed Asset Compte 812 .lnk
Found ! F:\FORM Fixed Asset Compte 811 BABABE FY.lnk
Found ! F:\DOC FINANCE FY'13.lnk
Found ! F:\FOUND.001.lnk
Found ! F:\FOUND.002.lnk
Found ! F:\FOUND.000.lnk
Found ! F:\Villa ousmane.lnk
Found ! F:\Fixed Asset.lnk
Found ! F:\DOC STAGIAIRE FIANCE.lnk
Found ! F:\LDR BRAHIM NDAO.lnk
Found ! F:\LDR Send by IDY.lnk
Found ! F:\DIK DOC.lnk
Found ! F:\Autorun.inf.lnk
Found ! C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\NEW25.tmp.exe

################## | Comparison MD5 |

Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Local Settings\Temp\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> F:\provide.vbe

################## | Registry |

Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide

################## | Vaccin |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net - https://www.sosvirus.net |
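A triage helper for the UsbFix "Research" report format posted above, added here as an example (it is not UsbFix's or the forum's code). It parses constructed sample lines laid out like the report and flags the pattern this scan shows: a wscript.exe Run entry pointing at a .vbe under Temp, one MD5 present on both C: and the F: USB key, and .lnk files at the root of the removable drive. The regexes, function names and the choice of script-host and Temp markers are this example's own assumptions.

```python
# Added example (not UsbFix code): triage a UsbFix "Research" report for the
# USB-worm pattern visible in the thread. SAMPLE_REPORT below is constructed,
# abridged from the report format shown in the post.
import re
from collections import defaultdict

SAMPLE_REPORT = r"""################## | Regedit Run |

HKLM\SOFTWARE | Run : [McAfeeUpdaterUI] - "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
HKLM\SOFTWARE | Run : [provide] - wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-1177238915-706699826-1801674531-1003\SOFTWARE | Run : [provide] - wscript.exe //B "C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe"

################## | Generic Research |

Found ! F:\provide.vbe
Found ! C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! F:\CV SALAIRE SEPT FY13.lnk
Found ! F:\DV SEPT 13.lnk
Found ! F:\Autorun.inf.lnk

################## | Comparison MD5 |

Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Local Settings\Temp\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> F:\provide.vbe
"""

# Line shapes of the report (assumed from the layout in the post).
SECTION_RE = re.compile(r"^#+ \| (?P<name>[^|]+?) \|")
RUN_RE = re.compile(r"^(?P<hive>\S+) \| (?P<key>Run\w*) : \[(?P<name>[^\]]*)\] - ?(?P<cmd>.*)$")
FOUND_RE = re.compile(r"^Found ! (?P<path>.+)$")
MD5_RE = re.compile(r"^Found ! Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")   # Windows Script Host binaries
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")    # user temp dir, long and 8.3 forms


def parse_report(text):
    """Split the report into {section name: [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def script_host_autoruns(sections):
    """Run-key entries that hand a script under a Temp directory to WSH."""
    hits = []
    for line in sections.get("Regedit Run", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").lower()
        if any(h in cmd for h in SCRIPT_HOSTS) and any(t in cmd for t in TEMP_MARKERS):
            hits.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return hits


def cross_drive_hashes(sections):
    """MD5 values seen on more than one drive letter (the file was copied to the USB key)."""
    drives = defaultdict(set)
    for line in sections.get("Comparison MD5", []):
        m = MD5_RE.match(line)
        if m:
            drives[m.group("md5").upper()].add(m.group("path")[0].upper())
    return {md5: sorted(d) for md5, d in drives.items() if len(d) > 1}


def removable_shortcuts(sections, drive="F"):
    """.lnk files at the root of the removable drive (documents hidden behind shortcuts)."""
    prefix = drive.upper() + ":\\"
    paths = (m.group("path") for m in map(FOUND_RE.match, sections.get("Generic Research", [])) if m)
    return [p for p in paths if p.upper().startswith(prefix) and p.lower().endswith(".lnk")]


def triage(text):
    """Run the three checks over one report and return their findings."""
    s = parse_report(text)
    return {"script_autoruns": script_host_autoruns(s),
            "cross_drive_md5": cross_drive_hashes(s),
            "removable_lnk": removable_shortcuts(s)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, "->", value)
```

Feed it the full text of a saved C:\UsbFix [Scan X].txt instead of SAMPLE_REPORT to triage a real report; the three findings together are what justifies running the Deletion pass.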
by dicko
#17752
by Evasion60
#17754
:hello: Hi again Dicko

/!\ Please pay attention to what we ask / Thanks ;)

You posted the Research mode twice
I was expecting the "Deletion" mode as the second one
Do it, and post its report

;)