[Esteban Rando]

Bonjour a vous,
Hier j'ai lancé usb fix pour vacciner mon pc et clés usb et tant qu'on n y était j'ai fait une recherche et voila le rapport.Je précise qu'il y a quelque mois j'ai lance usb fix et il n'a rien trouvé.Je voudrais savoir si il y aurait autre chose a faire.Merci

############################## | UsbFix V 7.124 | [Recherche]

Utilisateur: manu (Administrateur) # MANU-PC
Mis à  jour le 24/04/2013 par El Desaparecido
Lancé à  22:00:49 | 29/04/2013

Site Web: https://sosvirus.org/
Upload Malware: https://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: HP-Pavilion (VN311AA-UUG HPE-010be) (x64-based PC)
CPU: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz (2668)
RAM -> [Total : 6135 | Free : 4540]
BIOS: OS Date: 09/17/09 16:12:09 Ver: 5.06
BOOT: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 921 Go (755 Go libre(s) - 82%) [HP] # NTFS
D:\ -> Disque fixe # 10 Go (2 Go libre(s) - 19%) [FACTORY_IMAGE] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [USB DISK] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (504)
C:\Windows\system32\wininit.exe (564)
C:\Windows\system32\csrss.exe (584)
C:\Windows\system32\services.exe (628)
C:\Windows\system32\winlogon.exe (660)
C:\Windows\system32\lsass.exe (688)
C:\Windows\system32\lsm.exe (696)
C:\Windows\system32\svchost.exe (800)
C:\Windows\system32\nvvsvc.exe (860)
C:\Windows\system32\svchost.exe (900)
C:\Windows\System32\svchost.exe (984)
C:\Windows\System32\svchost.exe (1020)
C:\Windows\system32\svchost.exe (384)
C:\Windows\system32\svchost.exe (508)
C:\Windows\system32\svchost.exe (1036)
C:\Windows\system32\svchost.exe (1140)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1384)
C:\Windows\system32\nvvsvc.exe (1392)
C:\Windows\System32\spoolsv.exe (1468)
C:\Windows\system32\svchost.exe (1512)
C:\Windows\system32\svchost.exe (1708)
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (1804)
C:\Windows\SysWOW64\PnkBstrA.exe (1856)
C:\Windows\system32\svchost.exe (1888)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (1988)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2016)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2236)
C:\Windows\system32\taskhost.exe (2556)
C:\Windows\system32\taskeng.exe (2696)
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (2704)
C:\Windows\system32\SearchIndexer.exe (2720)
C:\Windows\system32\svchost.exe (2824)
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (2892)
C:\Windows\system32\Dwm.exe (2908)
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe (2916)
C:\Windows\Explorer.EXE (2924)
C:\Windows\servicing\TrustedInstaller.exe (2984)
C:\Windows\System32\WUDFHost.exe (3060)
C:\Program Files\Windows Sidebar\sidebar.exe (1592)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3616)
C:\Windows\System32\svchost.exe (3732)
C:\Windows\system32\taskeng.exe (1364)
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (1256)
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (1316)
C:\Windows\system32\DllHost.exe (2956)
C:\Windows\system32\svchost.exe (1056)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4396)
C:\Windows\explorer.exe (1068)
C:\Windows\system32\wbem\wmiprvse.exe (2444)
C:\UsbFix\Go.exe (4064)

################## | El Desaparecido Section |

HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1869064902-2026740602-366681729-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1869064902-2026740602-366681729-1003\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1869064902-2026740602-366681729-1003\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | à‰léments infectieux |

Présent! J:\Thumbs.db

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{ffd0ab75-be2e-11e1-8a7b-806e6f6e6963}
Shell\AutoRun\Command = E:\Autorun.exe



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://sosvirus.org |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

############################## | UsbFix V 7.124 | [Suppression]

Utilisateur: manu (Administrateur) # MANU-PC
Mis à  jour le 24/04/2013 par El Desaparecido
Lancé à  22:04:33 | 29/04/2013

Site Web: https://sosvirus.org/
Upload Malware: https://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: HP-Pavilion (VN311AA-UUG HPE-010be) (x64-based PC)
CPU: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz (2668)
RAM -> [Total : 6135 | Free : 4554]
BIOS: OS Date: 09/17/09 16:12:09 Ver: 5.06
BOOT: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 921 Go (755 Go libre(s) - 82%) [HP] # NTFS
D:\ -> Disque fixe # 10 Go (2 Go libre(s) - 19%) [FACTORY_IMAGE] # NTFS
E:\ -> CD-ROM
J:\ -> Disque amovible # 4 Go (4 Go libre(s) - 98%) [USB DISK] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1869064902-2026740602-366681729-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1869064902-2026740602-366681729-1003\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1869064902-2026740602-366681729-1003\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (860)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1384)
Stoppé! C:\Windows\system32\nvvsvc.exe (1392)
Stoppé! C:\Windows\System32\spoolsv.exe (1468)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (1804)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (1856)
Stoppé! C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (1988)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2016)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2236)
Stoppé! C:\Windows\system32\taskhost.exe (2556)
Stoppé! C:\Windows\system32\taskeng.exe (2696)
Stoppé! C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (2704)
Stoppé! C:\Windows\system32\SearchIndexer.exe (2720)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (2892)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe (2916)
Stoppé! C:\Windows\System32\WUDFHost.exe (3060)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (1592)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (3616)
Stoppé! C:\Windows\system32\taskeng.exe (1364)
Stoppé! c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (1256)
Stoppé! c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (1316)
Stoppé! C:\Windows\system32\DllHost.exe (2956)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4396)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (868)
Stoppé! C:\Windows\system32\taskeng.exe (3468)

################## | à‰léments infectieux |

Supprimé! J:\Thumbs.db

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ffd0ab75-be2e-11e1-8a7b-806e6f6e6963}

################## | Listing |

[03/04/2013 - 22:32:10 | SHD ] C:\$Recycle.Bin
[11/02/2013 - 21:42:02 | N | 0] C:\autoexec.bat
[28/10/2012 - 21:18:43 | RASD ] C:\Autorun.inf
[19/04/2013 - 17:10:21 | D ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[17/08/2012 - 11:02:01 | D ] C:\Drivers Backup
[29/04/2013 - 21:47:28 | ASH | 4824821760] C:\hiberfil.sys
[24/06/2012 - 11:27:33 | D ] C:\hp
[21/04/2013 - 20:33:05 | D ] C:\JRT
[02/01/2013 - 10:05:44 | D ] C:\MFT 29997
[24/06/2012 - 12:20:25 | RHD ] C:\MSOCache
[22/10/2012 - 16:02:14 | D ] C:\NVIDIA
[29/04/2013 - 21:47:31 | ASH | 6433099776] C:\pagefile.sys
[22/09/2012 - 19:34:29 | D ] C:\perflogs
[20/04/2013 - 17:08:59 | D ] C:\Program Files
[28/04/2013 - 19:21:05 | D ] C:\Program Files (x86)
[19/04/2013 - 17:10:16 | D ] C:\ProgramData
[13/03/2013 - 19:08:09 | D ] C:\RegBackup
[14/03/2013 - 18:12:09 | D ] C:\RK_Quarantine
[22/08/2012 - 17:48:50 | D ] C:\StarBurnPortable
[16/08/2012 - 15:28:20 | D ] C:\SWSetup
[29/04/2013 - 21:49:51 | SHD ] C:\System Volume Information
[29/04/2013 - 22:05:54 | D ] C:\UsbFix
[29/04/2013 - 22:06:01 | A | 5168] C:\UsbFix [Clean 2] MANU-PC.txt
[29/04/2013 - 22:03:42 | N | 4904] C:\UsbFix [Scan 3] MANU-PC.txt
[11/01/2013 - 17:40:08 | D ] C:\Users
[28/04/2013 - 21:31:55 | D ] C:\Windows
[24/06/2012 - 11:22:47 | SHD ] D:\$RECYCLE.BIN
[30/03/2013 - 19:08:57 | N | 1959] D:\AdwCleaner[S1].txt
[28/10/2012 - 21:18:43 | RASD ] D:\Autorun.inf
[03/01/2010 - 16:36:52 | SD ] D:\boot
[13/07/2009 - 19:39:00 | AS | 383562] D:\bootmgr
[24/06/2012 - 11:22:43 | N | 0] D:\BT_HP.FLG
[25/09/2009 - 07:32:44 | N | 485] D:\CSP.DAT
[25/09/2009 - 07:48:10 | N | 15347] D:\DeployRp.log
[14/03/2013 - 17:46:21 | D ] D:\ERDNT
[03/01/2010 - 16:36:52 | D ] D:\hp
[05/01/2010 - 19:11:50 | N | 0] D:\hpdrcu.prc
[24/06/2012 - 11:22:33 | N | 22] D:\language.ini
[03/01/2010 - 16:36:52 | SD ] D:\preload
[06/03/2010 - 22:17:56 | D ] D:\Program Files (x86)
[21/08/2012 - 17:32:06 | SD ] D:\Recovery
[25/09/2009 - 07:48:10 | N | 0] D:\RPCONFIG.LOG
[29/04/2013 - 21:49:51 | SHD ] D:\System Volume Information
[16/03/2013 - 12:10:48 | N | 18854] J:\page de garde TFE.docx
[16/03/2013 - 10:52:06 | N | 14024] J:\Remerciements TFE.docx
[16/03/2013 - 10:52:58 | N | 17950] J:\Table des matière TFE VRAIE.docx
[16/03/2013 - 10:56:40 | N | 20568] J:\TFE La vraie introduction.docx
[16/03/2013 - 12:06:38 | N | 298281] J:\TFE introduction.docx
[16/03/2013 - 10:32:36 | N | 14584] J:\ANNEXES TFE.docx
[16/03/2013 - 15:48:48 | N | 369133] J:\tfe.pdf
[23/04/2013 - 19:44:44 | N | 4241481] J:\Somos de Calle (Original Cartel version) - Daddy Yankee.mp3
[23/04/2013 - 19:49:46 | N | 4907708] J:\Daddy Yankee - Gasolina [Official Music Video].mp3
[23/04/2013 - 18:01:18 | N | 6485737] J:\Daddy Yankee -Lo que paso paso-[www_flvto_com].mp3
[21/04/2013 - 17:33:56 | N | 14089747] J:\la gasolina - YouTube.mp4
[13/04/2013 - 21:23:02 | N | 20063006] J:\Somos de Calle (Original Cartel version) - Daddy Yankee - YouTube.mp4
[13/04/2013 - 21:23:22 | N | 9060042] J:\Celtic Music - Legend - YouTube.mp4
[21/04/2013 - 17:31:42 | N | 28843101] J:\Celtic Music - Wolf Blood - YouTube.mp4
[23/04/2013 - 20:32:38 | N | 3252172] J:\Gusttavo Lima - Balada.mp3

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://sosvirus.org |

[H.A.W.X]

Bonjour,

Pas d'autre choses à  demandé ?

Sinon c'est ok

++

[Esteban Rando]

Non merci.
A+

[Maxence]

Bonjour,

Depuis ce week end, j'ai ce petit logiciel malveillant Facebook.vbs sur ma clé USB, mais aussi sur mon ordinateur. N'arrivant pas à  le supprimer, je suis tombé sur plusieurs sites m'indiquant de télécharger USBFIX et de vous envoyer mon rapport de scan. Le voici :

############################## | UsbFix V 7.126 | [Recherche]

Utilisateur: Maxence (Administrateur) # PC-DE-MAXENCE
Mis à  jour le 13/05/2013 par El Desaparecido
Lancé à  22:11:20 | 13/05/2013

Site Web: https://sosvirus.org/
Upload Malware: https://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: PACKARD BELL BV (EasyNote MH36) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz (2000)
RAM -> [Total : 2972 | Free : 1338]
BIOS: PhoenixBIOS 4.0 Release 6.1
BOOT: Normal boot

OS: Microsoft® Windows Vistaâ„¢ à‰dition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 285 Go (33 Go libre(s) - 12%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
G:\ -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (612)
C:\Windows\system32\csrss.exe (656)
C:\Windows\system32\wininit.exe (664)
C:\Windows\system32\winlogon.exe (720)
C:\Windows\system32\services.exe (756)
C:\Windows\system32\lsass.exe (768)
C:\Windows\system32\lsm.exe (776)
C:\Windows\system32\svchost.exe (936)
C:\Windows\system32\svchost.exe (1012)
C:\Windows\System32\svchost.exe (1060)
C:\Windows\System32\svchost.exe (1152)
C:\Windows\System32\svchost.exe (1196)
C:\Windows\system32\svchost.exe (1212)
C:\Windows\system32\svchost.exe (1352)
C:\Windows\system32\SLsvc.exe (1380)
C:\Windows\system32\svchost.exe (1444)
C:\Windows\system32\svchost.exe (1596)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1736)
C:\Windows\System32\spoolsv.exe (412)
C:\Windows\system32\svchost.exe (544)
C:\Windows\system32\taskeng.exe (812)
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (840)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1812)
C:\Program Files\Bonjour\mDNSResponder.exe (1344)
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe (252)
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe (748)
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (1348)
C:\Windows\system32\svchost.exe (2120)
C:\Windows\system32\svchost.exe (2236)
C:\Windows\System32\svchost.exe (2356)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2408)
C:\Windows\system32\SearchIndexer.exe (2536)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2628)
C:\Windows\system32\svchost.exe (2184)
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe (2496)
C:\Windows\system32\wbem\wmiprvse.exe (2620)
C:\Windows\system32\taskeng.exe (2884)
C:\Windows\system32\Dwm.exe (3004)
C:\Windows\Explorer.EXE (268)
C:\Program Files\Windows Defender\MSASCui.exe (2504)
C:\Windows\RtHDVCpl.exe (3772)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2152)
C:\Windows\System32\igfxtray.exe (1368)
C:\Windows\System32\hkcmd.exe (3472)
C:\Windows\System32\igfxpers.exe (1632)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (2248)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2164)
C:\Program Files\iTunes\iTunesHelper.exe (2684)
C:\Program Files\Windows Media Player\wmpnscfg.exe (2864)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2544)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3684)
C:\Windows\ehome\ehtray.exe (4000)
C:\Windows\System32\WScript.exe (1752)
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (1108)
C:\Windows\system32\wbem\unsecapp.exe (2520)
C:\Windows\system32\wbem\wmiprvse.exe (3020)
C:\Windows\system32\igfxsrvc.exe (3356)
C:\Windows\ehome\ehmsas.exe (1432)
C:\Windows\system32\SearchProtocolHost.exe (3424)
C:\Program Files\iPod\bin\iPodService.exe (3316)
C:\Windows\System32\WUDFHost.exe (3392)
C:\Program Files\Google\Chrome\Application\chrome.exe (1512)
C:\Program Files\Google\Chrome\Application\chrome.exe (6036)
C:\Program Files\Google\Chrome\Application\chrome.exe (2332)
C:\Program Files\Google\Chrome\Application\chrome.exe (3972)
C:\Program Files\Google\Chrome\Application\chrome.exe (1652)
C:\UsbFix\Go.exe (5616)
C:\Windows\system32\SearchFilterHost.exe (3308)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [eRecoveryService] -
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [ISUSScheduler] - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM\SOFTWARE | Run : [CANAL+ CANALSAT A LA DEMANDE] - "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
HKLM\SOFTWARE | Run : [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [SmpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-3345940010-4163059952-2938766593-1000\SOFTWARE | Run : [Facebook.vbs] - "C:\Users\Maxence\AppData\Local\Temp\Facebook.vbs"

################## | à‰léments infectieux |

Présent! C:\Users\Maxence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
Présent! C:\Users\Maxence\AppData\Local\Temp\utt26.tmp.exe
Présent! C:\Users\Maxence\AppData\Local\Temp\Facebook.vbs
Présent! G:\Facebook.vbs

################## | Registre |

Présent! HKCU|njq8
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Facebook.vbs
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SunJavaUpdateSched

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{2dfb1616-c3a4-11de-aab0-0017c4a058e3}
Shell\AutoRun\Command = 6ruaqx.exe
Shell\open\Command = 6ruaqx.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7a85ef9d-e0ce-11de-bdff-0017c4a058e3}
Shell\AutoRun\Command = F:\pozuda/malena.exe
Shell\explore\Command = F:\pozuda/malena.exe
Shell\open\Command = F:\pozuda/malena.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{80256776-d5f5-11de-b0bd-00238bfdb598}
Shell\Autoplay\Command = auto_run.exe
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto_run.exe
Shell\explore\Command = auto_run.exe
Shell\Open\Command = auto_run.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{80455aa1-da68-11de-81d1-00238bfdb598}
Shell\AutoRun\Command = E:\launcher.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{80455aa3-da68-11de-81d1-00238bfdb598}
Shell\AutoRun\Command = F:\nqdymj.exe
Shell\open\Command = F:\nqdymj.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b34a9229-b57f-11de-8495-00238bfdb598}
Shell\AutoRun\Command = E:\WDSetup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{eefe4180-cd2b-11df-b233-00238bfdb598}
Shell\AutoRun\Command = F:\LaunchU3.exe -a



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | https://sosvirus.org |



Que dois je faire maintenant?

Merci de votre aide.

Cordialement,

Maxence

[Evasion60]

Bonsoir Maxence

Merci de créer ton propre sujet, et ne pas te gréffer sur celui-ci qui est terminé !

Bonne réception