Folders in shortcut format 2013-10-30T16:47:02+00:00
6 posts, 1 through 6 (of 6 total)
  • Author
    Posts
  • leuzhp
    Participant
    Number of posts: 3

    ############################## | UsbFix V 7.146 | [Recherche]

    Utilisateur: hp (Administrateur) # HP-PC
    Mis à jour le 28/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 10:12:37 | 30/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1439)
    CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
    RAM -> [Total : 2486 | Free : 612]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 30.0.1599.101

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: AVG Anti-Virus Free [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 244 Go (99 Go libre(s) – 40%) [] # NTFS
    D: -> Disque fixe # 222 Go (28 Go libre(s) – 13%) [Disque Local] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [] # FAT32
    G: -> Disque amovible # 2 Go (297 Mo libre(s) – 16%) [] # FAT

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 380 |ParentID: 368)
    C:Windowssystem32wininit.exe (ID: 424 |ParentID: 368)
    C:Windowssystem32csrss.exe (ID: 432 |ParentID: 416)
    C:Program FilesAVGAVG9avgchsvx.exe (ID: 444 |ParentID: 424)
    C:Program FilesAVGAVG9avgrsx.exe (ID: 452 |ParentID: 424)
    C:Windowssystem32services.exe (ID: 528 |ParentID: 424)
    C:Windowssystem32lsass.exe (ID: 540 |ParentID: 424)
    C:Windowssystem32lsm.exe (ID: 548 |ParentID: 424)
    C:Program FilesAVGAVG9avgcsrvx.exe (ID: 664 |ParentID: 452)
    C:Windowssystem32svchost.exe (ID: 680 |ParentID: 528)
    C:Windowssystem32winlogon.exe (ID: 924 |ParentID: 416)
    C:Windowssystem32svchost.exe (ID: 996 |ParentID: 528)
    C:WindowsSystem32svchost.exe (ID: 1080 |ParentID: 528)
    C:WindowsSystem32svchost.exe (ID: 1144 |ParentID: 528)
    C:Windowssystem32svchost.exe (ID: 1168 |ParentID: 528)
    C:Windowssystem32svchost.exe (ID: 1316 |ParentID: 528)
    C:Windowssystem32svchost.exe (ID: 1424 |ParentID: 528)
    C:Windowssystem32WLANExt.exe (ID: 1516 |ParentID: 1144)
    C:Windowssystem32conhost.exe (ID: 1524 |ParentID: 380)
    C:WindowsSystem32spoolsv.exe (ID: 1612 |ParentID: 528)
    C:Windowssystem32svchost.exe (ID: 1640 |ParentID: 528)
    C:Program FilesE-EXPRESSDataCardService.exe (ID: 1784 |ParentID: 528)
    C:Program FilesE-EXPRESSBGService.exe (ID: 1816 |ParentID: 1784)
    C:Program FilesAVGAVG9avgwdsvc.exe (ID: 1828 |ParentID: 528)
    C:Windowssystem32svchost.exe (ID: 1960 |ParentID: 528)
    C:Windowssystem32Dwm.exe (ID: 2560 |ParentID: 1144)
    C:WindowsExplorer.EXE (ID: 2612 |ParentID: 2544)
    C:Windowssystem32taskhost.exe (ID: 2640 |ParentID: 528)
    C:Program FilesAVGAVG9avgnsx.exe (ID: 2864 |ParentID: 1828)
    C:WindowsSystem32igfxtray.exe (ID: 3172 |ParentID: 2612)
    C:WindowsSystem32hkcmd.exe (ID: 3180 |ParentID: 2612)
    C:WindowsSystem32igfxpers.exe (ID: 3192 |ParentID: 2612)
    C:Program FilesAVGAVG9avgtray.exe (ID: 3272 |ParentID: 2612)
    C:WindowsSystem32wscript.exe (ID: 3332 |ParentID: 2612)
    C:WindowsSystem32StikyNot.exe (ID: 3372 |ParentID: 2612)
    C:Program FilesSkypePhoneSkype.exe (ID: 3392 |ParentID: 2612)
    C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceMediaDico38.exe (ID: 3488 |ParentID: 3360)
    C:Windowssystem32SearchIndexer.exe (ID: 3620 |ParentID: 528)
    C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceRAC38.exe (ID: 3844 |ParentID: 3360)
    C:Windowssystem32svchost.exe (ID: 2452 |ParentID: 528)
    C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12ToolbarUpdater.exe (ID: 3200 |ParentID: 528)
    C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12loggingserver.exe (ID: 676 |ParentID: 3200)
    C:Windowssystem32conhost.exe (ID: 3684 |ParentID: 380)
    C:Program FilesAVG Secure Searchvprot.exe (ID: 3868 |ParentID: 3144)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3148 |ParentID: 528)
    C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 2528 |ParentID: 528)
    C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 5532 |ParentID: 2612)
    C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 5428 |ParentID: 628)
    C:Program FilesAdobeReader 9.0ReaderAcroRd32.exe (ID: 4932 |ParentID: 2612)
    C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 2324 |ParentID: 5532)
    C:Program FilesMicrosoft OfficeOffice14POWERPNT.EXE (ID: 3344 |ParentID: 2612)
    C:Windowssystem32svchost.exe (ID: 3920 |ParentID: 528)
    C:Windowssystem32wbemwmiprvse.exe (ID: 6628 |ParentID: 680)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7788 |ParentID: 2612)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4728 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5604 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5592 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 296 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5844 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3316 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2828 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5432 |ParentID: 7788)
    C:Program FilesVideoLANVLCvlc.exe (ID: 4568 |ParentID: 2612)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4712 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6412 |ParentID: 7788)
    C:WindowsservicingTrustedInstaller.exe (ID: 8008 |ParentID: 528)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2288 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3232 |ParentID: 7788)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6320 |ParentID: 7788)
    C:WindowsSystem32WUDFHost.exe (ID: 6296 |ParentID: 1144)
    C:Windowssystem32wuauclt.exe (ID: 1252 |ParentID: 1168)
    C:Windowssystem32wuauclt.exe (ID: 4968 |ParentID: 1168)
    C:Windowssystem32msiexec.exe (ID: 2144 |ParentID: 528)
    C:Windowssystem32vssvc.exe (ID: 6748 |ParentID: 528)
    C:WindowsSystem32svchost.exe (ID: 4288 |ParentID: 528)
    C:UsbFixGo.exe (ID: 5244 |ParentID: 7444)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4256 |ParentID: 680)
    C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (ID: 1112 |ParentID: 528)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [AVG9_TRAY] – C:PROGRA~1AVGAVG9avgtray.exe
    HKLMSOFTWARE | Run : [vProt] – “C:Program FilesAVG Secure Searchvprot.exe”
    HKLMSOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B “C:UsershpAppDataLocalTemprbuhhdgpds..vbs”
    HKLMSOFTWARE | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [MediaDICO38] – C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceLanceMediaDICO38.exe Lancement
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B “C:UsershpAppDataLocalTemprbuhhdgpds..vbs”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | Référence de comparaison MD5 |

    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuprbuhhdgpds..vbs
    Md5 : DENIED -> C:UsershpAppDataLocalTemprbuhhdgpds..vbs
    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> F:rbuhhdgpds..vbs
    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> G:rbuhhdgpds..vbs

    ################## | Recherche générique |

    Présent! F:rbuhhdgpds..vbs
    Présent! G:rbuhhdgpds..vbs
    Présent! C:UsershpAppDataLocalTemprbuhhdgpds..vbs
    Présent! C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuprbuhhdgpds..vbs
    Présent! F:passeport babacar.lnk
    Présent! G:outlawracing_no_n73.lnk
    Présent! G:DCIM.lnk
    Présent! G:Images.lnk
    Présent! G:Videos.lnk
    Présent! G:Sounds.lnk
    Présent! G:Others.lnk
    Présent! G:Games & Applications.lnk
    Présent! G:Documents.lnk
    Présent! G:Imsifolder.lnk
    Présent! G:GFS_TMP.lnk

    ################## | Comparaison MD5 |

    Présent! Md5 : 20E33BA092AE2C3C0C8ED0B097004F25 -> C:UsershpAppDataLocalTemprbuhhdgpds..vbs
    Présent! Md5 : 20E33BA092AE2C3C0C8ED0B097004F25 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuprbuhhdgpds..vbs
    Présent! Md5 : 20E33BA092AE2C3C0C8ED0B097004F25 -> F:rbuhhdgpds..vbs
    Présent! Md5 : 20E33BA092AE2C3C0C8ED0B097004F25 -> G:rbuhhdgpds..vbs

    ################## | Registre |

    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 0
    Présent! HKUS-1-5-21-2449563262-3994739718-1579564867-1000SoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKUS-1-5-21-2449563262-3994739718-1579564867-1000SoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKUS-1-5-21-2449563262-3994739718-1579564867-1000SoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKUS-1-5-21-2449563262-3994739718-1579564867-1000SoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Hello, run the tool again, click on "Suppression", then post the report c:usbfix[clean 1].txt once it has finished.

    leuzhp
    Participant
    Number of posts: 3

    ############################## | UsbFix V 7.146 | [Suppression]

    Utilisateur: hp (Administrateur) # HP-PC
    Mis à jour le 28/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 17:04:33 | 30/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1439)
    CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
    RAM -> [Total : 2486 | Free : 849]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 30.0.1599.101

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: AVG Anti-Virus Free [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 244 Go (98 Go libre(s) – 40%) [] # NTFS
    D: -> Disque fixe # 222 Go (28 Go libre(s) – 13%) [Disque Local] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAVGAVG9avgchsvx.exe (ID: 444 |ParentID: 424)
    Stoppé! C:Program FilesAVGAVG9avgrsx.exe (ID: 452 |ParentID: 424)
    Stoppé! C:Program FilesAVGAVG9avgcsrvx.exe (ID: 664 |ParentID: 452)
    Stoppé! C:Windowssystem32WLANExt.exe (ID: 1516 |ParentID: 1144)
    Stoppé! C:Windowssystem32conhost.exe (ID: 1524 |ParentID: 380)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1612 |ParentID: 528)
    Stoppé! C:Program FilesE-EXPRESSDataCardService.exe (ID: 1784 |ParentID: 528)
    Stoppé! C:Program FilesE-EXPRESSBGService.exe (ID: 1816 |ParentID: 1784)
    Stoppé! C:Program FilesAVGAVG9avgwdsvc.exe (ID: 1828 |ParentID: 528)
    Stoppé! C:WindowsExplorer.EXE (ID: 2612 |ParentID: 2544)
    Stoppé! C:Windowssystem32taskhost.exe (ID: 2640 |ParentID: 528)
    Stoppé! C:Program FilesAVGAVG9avgnsx.exe (ID: 2864 |ParentID: 1828)
    Stoppé! C:WindowsSystem32igfxtray.exe (ID: 3172 |ParentID: 2612)
    Stoppé! C:WindowsSystem32hkcmd.exe (ID: 3180 |ParentID: 2612)
    Stoppé! C:WindowsSystem32igfxpers.exe (ID: 3192 |ParentID: 2612)
    Stoppé! C:Program FilesAVGAVG9avgtray.exe (ID: 3272 |ParentID: 2612)
    Stoppé! C:WindowsSystem32wscript.exe (ID: 3332 |ParentID: 2612)
    Stoppé! C:WindowsSystem32StikyNot.exe (ID: 3372 |ParentID: 2612)
    Stoppé! C:Program FilesSkypePhoneSkype.exe (ID: 3392 |ParentID: 2612)
    Stoppé! C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceMediaDico38.exe (ID: 3488 |ParentID: 3360)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 3620 |ParentID: 528)
    Stoppé! C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceRAC38.exe (ID: 3844 |ParentID: 3360)
    Stoppé! C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12ToolbarUpdater.exe (ID: 3200 |ParentID: 528)
    Stoppé! C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.0.12loggingserver.exe (ID: 676 |ParentID: 3200)
    Stoppé! C:Windowssystem32conhost.exe (ID: 3684 |ParentID: 380)
    Stoppé! C:Program FilesAVG Secure Searchvprot.exe (ID: 3868 |ParentID: 3144)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3148 |ParentID: 528)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 2528 |ParentID: 528)
    Stoppé! C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 5532 |ParentID: 2612)
    Stoppé! C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 5428 |ParentID: 628)
    Stoppé! C:Program FilesAdobeReader 9.0ReaderAcroRd32.exe (ID: 4932 |ParentID: 2612)
    Stoppé! C:Program FilesMicrosoft OfficeOffice14WINWORD.EXE (ID: 2324 |ParentID: 5532)
    Stoppé! C:Program FilesMicrosoft OfficeOffice14POWERPNT.EXE (ID: 3344 |ParentID: 2612)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7788 |ParentID: 2612)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4728 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5592 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 296 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5844 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3316 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2828 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5432 |ParentID: 7788)
    Stoppé! C:Program FilesVideoLANVLCvlc.exe (ID: 4568 |ParentID: 2612)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4712 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6412 |ParentID: 7788)
    Stoppé! C:WindowsservicingTrustedInstaller.exe (ID: 8008 |ParentID: 528)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2288 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3232 |ParentID: 7788)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6320 |ParentID: 7788)
    Stoppé! C:Windowssystem32wuauclt.exe (ID: 1252 |ParentID: 1168)
    Stoppé! C:Windowssystem32NOTEPAD.EXE (ID: 8172 |ParentID: 5244)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2604 |ParentID: 7788)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 7488 |ParentID: 1144)
    Stoppé! C:Windowssystem32igfxsrvc.exe (ID: 1472 |ParentID: 680)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
    HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
    HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
    HKLMSOFTWARE | Run : [BCSSync] – “C:Program FilesMicrosoft OfficeOffice14BCSSync.exe” /DelayServices
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [AVG9_TRAY] – C:PROGRA~1AVGAVG9avgtray.exe
    HKLMSOFTWARE | Run : [vProt] – “C:Program FilesAVG Secure Searchvprot.exe”
    HKLMSOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B “C:UsershpAppDataLocalTemprbuhhdgpds..vbs”
    HKLMSOFTWARE | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [MediaDICO38] – C:Program FilesMicro Application38 Dictionnaires et Recueils de CorrespondanceLanceMediaDICO38.exe Lancement
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    HKUS-1-5-21-2449563262-3994739718-1579564867-1000SOFTWARE | Run : [rbuhhdgpds] – wscript.exe //B “C:UsershpAppDataLocalTemprbuhhdgpds..vbs”
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | Référence de comparaison MD5 |

    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuprbuhhdgpds..vbs
    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> C:UsershpAppDataLocalTemprbuhhdgpds..vbs
    Md5 : 20e33ba092ae2c3c0c8ed0b097004f25 -> F:rbuhhdgpds..vbs

    ################## | Recherche générique |

    Supprimé! C:UsershpAppDataLocalTemprbuhhdgpds..vbs
    Supprimé! C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuprbuhhdgpds..vbs

    (!) Fichiers temporaires supprimés.

    ################## | Comparaison MD5 |

    ################## | Registre |

    Réparé ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 1
    Supprimé! HKUS-1-5-21-2449563262-3994739718-1579564867-1000SoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|rbuhhdgpds
    Supprimé! HKUS-1-5-21-2449563262-3994739718-1579564867-1000Software….Mountpoints2{0b5afbe0-38f2-11e3-bd21-ac81122da0f9}
    Supprimé! HKUS-1-5-21-2449563262-3994739718-1579564867-1000Software….Mountpoints2{f8ded1e9-3986-11e3-8de4-ac81122da0f9}

    ################## | Listing |

    [30/10/2013 – 09:41:06 | D ] C:$AVG
    [14/10/2013 – 17:50:16 | SHD ] C:$Recycle.Bin
    [10/10/2013 – 06:24:50 | D ] C:4df4b6854e1742b0881652eac
    [10/06/2009 – 21:42:20 | N | 24] C:autoexec.bat
    [22/10/2013 – 11:02:53 | D ] C:c940205bf93d0d267328
    [10/06/2009 – 21:42:20 | N | 10] C:config.sys
    [11/10/2013 – 13:56:55 | D ] C:df03df2a6b63056efa039d56ede330c0
    [14/07/2009 – 04:53:55 | SHD ] C:Documents and Settings
    [28/10/2013 – 08:18:25 | ASH | 1954959360] C:hiberfil.sys
    [24/09/2013 – 16:51:41 | D ] C:IDE
    [25/09/2013 – 21:13:59 | D ] C:Intel
    [24/09/2013 – 16:50:58 | RHD ] C:MSOCache
    [28/10/2013 – 08:18:29 | ASH | 2606612480] C:pagefile.sys
    [14/07/2009 – 02:37:05 | D ] C:PerfLogs
    [20/10/2013 – 18:59:37 | D ] C:Program Files
    [25/10/2013 – 14:36:32 | HD ] C:ProgramData
    [14/10/2013 – 17:49:45 | SHD ] C:Recovery
    [25/09/2013 – 21:07:34 | D ] C:SwSetup
    [30/10/2013 – 09:20:03 | SHD ] C:System Volume Information
    [30/10/2013 – 17:09:33 | D ] C:UsbFix
    [30/10/2013 – 17:10:44 | A | 9869] C:UsbFix [Clean 1] HP-PC.txt
    [30/10/2013 – 09:56:31 | N | 10944] C:UsbFix [Scan 1] HP-PC.txt
    [30/10/2013 – 10:25:33 | N | 11437] C:UsbFix [Scan 2] HP-PC.txt
    [14/10/2013 – 17:49:56 | RD ] C:Users
    [30/10/2013 – 09:41:07 | D ] C:Windows
    [14/10/2013 – 16:27:35 | D ] C:Windows.old
    [14/10/2013 – 17:50:16 | SHD ] D:$RECYCLE.BIN
    [15/10/2013 – 11:35:06 | D ] D:ancien disk
    [26/09/2013 – 09:59:43 | D ] D:document
    [07/10/2013 – 17:22:17 | D ] D:f558bbfa7a6f456073cd4f67b5b3
    [14/10/2013 – 21:06:03 | D ] D:office 2010
    [26/09/2013 – 09:59:59 | D ] D:recrutement
    [24/09/2013 – 16:58:56 | SHD ] D:System Volume Information

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Had you plugged in all your removable media?

    leuzhp
    Participant
    Number of posts: 3

    Thanks for your help,
    I was able to recover the folders that were in shortcut mode, but the ones in Word format refuse to open. What should I do, please?

    g3n-h@ckm@n
    Keymaster
    Number of posts: 8304

    Run a deletion with UsbFix again, in safe mode.
