Shortcuts on folders and files 2013-11-19T16:11:31+00:00
  • dicko
    Participant
    Number of posts: 3

    I have shortcuts on my folders and files / USB, I need help

    Evasion60
    Participant
    Number of posts: 1559

    :hello: Hello Dicko, and welcome to SoSVirus

    Download UsbFix and save it to the desktop
    Download page link: https://www.sosvirus.net/telecharger/usbfix/

    Once it is downloaded to your desktop, double-click its icon

    Then click Run to start the installation, which will proceed automatically

    /! Plug in your USB devices, without opening them

    Scanning for infections
    Click the “Recherche” (Research) button

    Let the tool work
    At the end of the scan, a report will be displayed; post it in your next reply on the forum
    The report is also saved at the root of the system drive => C:\UsbFix [Scan X].txt
    Picture tutorial => https://www.sosvirus.net/viewtopic.php?f=204&t=3

    Removing the infections
    /! If it is blocked, temporarily disable the antivirus
    or
    Restart in safe mode with networking

    Click the “Suppression” (Removal) button

    Please copy and paste this report on the forum where you are asking for help
    Reminder => Ctrl A to select all, Ctrl C to copy, then Ctrl V to paste the report on the forum
    The report is also saved at the root of the system drive => C:\UsbFix [Clean X].txt

    Looking forward to your reply with both reports

    ;)

    dicko
    Participant
    Number of posts: 3

    ############################## | UsbFix V 7.147 | [Research]

    User: Mr Dicko (Administrator) # FINBOG
    Updated 30/10/2013 by El Desaparecido – Team SosVirus
    Started at 16:51:18 | 19/11/2013

    Website: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Dell Inc. (0U695R)
    CPU: Intel Pentium III Xeon processor
    RAM -> [Total : 3572 | Free : 1570]
    Bios: Dell Inc.
    Boot: Normal boot

    OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
    WB: Windows Internet Explorer : 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Fixed drive # 88 Gb (30 Mb free – 34%) [] # NTFS
    D: -> Fixed drive # 145 Gb (36 Mb free – 25%) [DATA] # NTFS
    E: -> CD-ROM
    F: -> Removable drive # 2 Gb (2 Mb free – 88%) [BACK DICKO] # FAT

    ################## | Reference of comparison MD5 |

    Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
    Md5 : DENIED -> C:\DOCUME~1\MRDICK~1\LOCALS~1\Temp\provide.vbe
    Md5 : 4c557a0aa6f52d5a926f8b70ba0c2be6 -> F:\provide.vbe

    ################## | Active Processes |


    ################## | Regedit Run |


    ################## | Generic Research |


    ################## | Comparison MD5 |

    Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Local Settings\Temp\provide.vbe
    Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> C:\Documents and Settings\Mr Dicko\Start Menu\Programs\Startup\provide.vbe
    Found ! Md5 : 4C557A0AA6F52D5A926F8B70BA0C2BE6 -> F:\provide.vbe

    ################## | Registry |

    Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKU\S-1-5-21-1177238915-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|provide
    Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|provide

    ################## | Vaccin |

    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    dicko
    Participant
    Number of posts: 3

    ############################## | UsbFix V 7.147 | [Research]


    Evasion60
    Participant
    Number of posts: 1559

    :hello: Re Dicko

    /! Please pay attention to our requests / Thanks ;)

    You posted the Research mode twice
    I was expecting, second, the “Suppression” (Removal) mode
    Do it, and post its report

    ;)
