Report submission 2013-10-11T05:03:00+00:00
  • Author
    Posts
  • ALaure
    Post count: 0

    Hello,
    not knowing what I should do with this information, and since my problem persists (USB drive creating shortcuts), I am turning to you to ask for help, please!
    Thank you in advance :)

    1- Scan report
    [spoiler:2qqwc037]############################## | UsbFix V 7.144 | [Recherche]

    Utilisateur: Anne-Laure (Administrateur) # ANNE-LAURE-PC
    Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 06:25:32 | 11/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1426)
    CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
    RAM -> [Total : 3958 | Free : 1807]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16721

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 453 Go (85 Go libre(s) – 19%) [] # NTFS
    D: -> Disque fixe # 13 Go (2 Go libre(s) – 16%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (95 Mo libre(s) – 96%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 249 Mo (227 Mo libre(s) – 91%) [] # NTFS

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID 452 |ParentID 444)
    C:Windowssystem32wininit.exe (ID 504 |ParentID 444)
    C:Windowssystem32csrss.exe (ID 528 |ParentID 516)
    C:Windowssystem32services.exe (ID 572 |ParentID 504)
    C:Windowssystem32winlogon.exe (ID 604 |ParentID 516)
    C:Windowssystem32lsass.exe (ID 632 |ParentID 504)
    C:Windowssystem32lsm.exe (ID 640 |ParentID 504)
    C:Windowssystem32svchost.exe (ID 744 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 824 |ParentID 572)
    c:Program FilesMicrosoft Security ClientMsMpEng.exe (ID 888 |ParentID 572)
    C:Windowssystem32atiesrxx.exe (ID 980 |ParentID 572)
    C:WindowsSystem32svchost.exe (ID 120 |ParentID 572)
    C:WindowsSystem32svchost.exe (ID 168 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 416 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 760 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 1092 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 1284 |ParentID 572)
    C:WindowsSystem32spoolsv.exe (ID 1456 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 1484 |ParentID 572)
    C:Program FilesRealtekAudioHDAAERTSr64.exe (ID 1668 |ParentID 572)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1692 |ParentID 572)
    C:Program FilesBonjourmDNSResponder.exe (ID 1716 |ParentID 572)
    C:WindowsSysWOW64svchost.exe (ID 1756 |ParentID 572)
    C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (ID 1804 |ParentID 572)
    C:Program Files (x86)RIFT TechnologiesInstallClick Connectorinstallclick.exe (ID 1856 |ParentID 572)
    C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID 1880 |ParentID 572)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 1904 |ParentID 572)
    C:Program Files (x86)CyberLinkShared filesRichVideo.exe (ID 1952 |ParentID 572)
    C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe (ID 1988 |ParentID 572)
    C:Program Files (x86)SFRGestionnaire de ConnexionSFR.DashBoard.Service.exe (ID 1052 |ParentID 572)
    C:Windowssystem32svchost.exe (ID 1632 |ParentID 572)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2120 |ParentID 572)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2380 |ParentID 2120)
    c:Program FilesMicrosoft Security ClientNisSrv.exe (ID 2564 |ParentID 572)
    C:Windowssystem32SearchIndexer.exe (ID 2752 |ParentID 572)
    C:Windowssystem32atieclxx.exe (ID 3020 |ParentID 980)
    C:Windowssystem32svchost.exe (ID 2984 |ParentID 572)
    C:Program Files (x86)RIFT TechnologiesInstallClick Connectorinstallclick-connector.exe (ID 1712 |ParentID 1856)
    C:Windowssystem32conhost.exe (ID 1944 |ParentID 452)
    C:Windowssystem32svchost.exe (ID 2844 |ParentID 572)
    C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (ID 1168 |ParentID 572)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 2944 |ParentID 572)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 2360 |ParentID 572)
    C:Windowssystem32taskhost.exe (ID 3640 |ParentID 572)
    C:Windowssystem32Dwm.exe (ID 724 |ParentID 168)
    C:WindowsExplorer.EXE (ID 1624 |ParentID 4004)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 1148 |ParentID 1624)
    C:Program FilesRealtekAudioHDARtkNGUI64.exe (ID 3248 |ParentID 1624)
    C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe (ID 3488 |ParentID 1624)
    C:Program FilesJavajre6binjusched.exe (ID 3924 |ParentID 1624)
    C:Program FilesMicrosoft Security Clientmsseces.exe (ID 1784 |ParentID 1624)
    C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe (ID 2108 |ParentID 1624)
    C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe (ID 3748 |ParentID 1624)
    C:Program FilesWindows Sidebarsidebar.exe (ID 3552 |ParentID 1624)
    C:WindowsSystem32StikyNot.exe (ID 692 |ParentID 1624)
    C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID 1140 |ParentID 3224)
    C:UsersAnne-LaureAppDataRoamingcacaowebcacaoweb.exe (ID 3252 |ParentID 1624)
    C:WindowsSystem32wscript.exe (ID 992 |ParentID 1624)
    C:UsersAnne-LaureAppDataRoamingDropboxbinDropbox.exe (ID 3392 |ParentID 1624)
    C:Windowssystem32wbemwmiprvse.exe (ID 4136 |ParentID 744)
    C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID 4256 |ParentID 3120)
    C:Program Files (x86)HpHP Software Updatehpwuschd2.exe (ID 4272 |ParentID 3120)
    C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe (ID 4284 |ParentID 3120)
    C:Program Files (x86)iTunesiTunesHelper.exe (ID 4356 |ParentID 3120)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 4364 |ParentID 3120)
    C:WindowsSystem32svchost.exe (ID 4824 |ParentID 572)
    C:WindowsSysWOW64explorer.exe (ID 4840 |ParentID 4404)
    C:Program FilesiPodbiniPodService.exe (ID 4916 |ParentID 572)
    C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe (ID 3184 |ParentID 572)
    C:UsersPublicIntel(R)Bl.exe (ID 3912 |ParentID 4404)
    C:Windowssystem32wbemwmiprvse.exe (ID 4596 |ParentID 744)
    C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID 5244 |ParentID 572)
    C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 5512 |ParentID 572)
    C:Program Files (x86)Hewlett-PackardSharedhpqToaster.exe (ID 5596 |ParentID 744)
    C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe (ID 5632 |ParentID 5596)
    C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE (ID 6140 |ParentID 1624)
    C:WindowsSysWOW64mshta.exe (ID 5004 |ParentID 1624)
    C:WindowsSysWOW64mshta.exe (ID 5020 |ParentID 1624)
    C:Windowssystem32svchost.exe (ID 2808 |ParentID 572)
    C:WindowsSysWOW64WScript.exe (ID 6024 |ParentID 5004)
    C:Windowssystem32DllHost.exe (ID 5060 |ParentID 744)
    C:WindowsSysWOW64WScript.exe (ID 5296 |ParentID 5020)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 5884 |ParentID 4172)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 6092 |ParentID 5884)
    C:WindowsSystem32WUDFHost.exe (ID 4812 |ParentID 168)
    C:Program Files (x86)Windows Media Playerwmplayer.exe (ID 5808 |ParentID 1624)
    C:Windowssystem32svchost.exe (ID 4944 |ParentID 572)
    C:UsbFixGo.exe (ID 4108 |ParentID 3624)
    C:Windowssystem32DllHost.exe (ID 3492 |ParentID 744)
    C:UsersPublicIntel(R)Pl5.exe (ID 6864 |ParentID 6024)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWAREwow6432Node | Run : [QlbCtrl.exe] – C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWAREwow6432Node | Run : [WirelessAssistant] – C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [HPADVISOR] – C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe view=DOCKVIEW
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Google Update] – “C:UsersAnne-LaureAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Facebook Update] – “C:UsersAnne-LaureAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [bEWm2wMR] – wscript.exe //B “C:UsersANNE-L~1AppDataLocalTempbEWm2wMR.vbs”
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Intel(R)Bl4] – C:UsersPublicIntel(R)Bl.exe
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [{91120000-002F-0000-0000-0000000FF1CE}] – C:Windowssystem32cmd.exe /C del “C:ProgramDataMicrosoft HelpRgstrtn.lck” /Q /A:H

    ################## | Éléments infectieux |

    Présent! G:bEWm2wMR.vbs
    Présent! C:UsersANNE-L~1AppDataLocalTempbEWm2wMR.vbs
    Présent! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupbEWm2wMR.vbs
    Présent! C:UsersAnne-LaureAppDataRoamingC2191E4ak.tmp
    Présent! C:UsersAnne-LaureAppDataRoamingC2191E4
    Présent! G:M1.lnk
    Présent! G:Nouveau dossier.lnk
    Présent! G:System Volume Information.lnk
    Présent! C:UsersPublic9eizmmD.vbe
    Présent! C:UsersPublic9stziemD.VBE
    Présent! C:UsersPublicIntel(R)Bl.exe
    Présent! C:UsersPublicIntel(R)Pl5.exe
    Présent! C:UsersAnne-LaureAppDataRoamingAnne-Laure-wchelper.dll
    Présent! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiz710bclD.lnk
    Présent! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupIntel(R)Bl.exe
    Présent! C:UsersANNE-L~1AppDataLocalTempAnne-Laure7
    Présent! C:UsersANNE-L~1AppDataLocalTempAnne-Laure8
    Présent! C:UsersANNE-L~1AppDataLocalTempvf01.hta
    Présent! C:UsersANNE-L~1AppDataLocalTempyh.hta
    Présent! C:UsersAnne-LaureAppDataLocalTempbEWm2wMR.vbs

    ################## | Registre |

    Présent! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Présent! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    HKCU….ExplorerMountPoints2G
    ShellAutoRunCommand = G:autorunner.exe “contenu clevotrekitsecu.htm”

    HKCU….ExplorerMountPoints2{1318bacc-aba8-11e1-9e7f-c80aa945e5a8}
    ShellAutoRunCommand = H:autorunner.exe “contenu clevotrekitsecu.htm”

    HKCU….ExplorerMountPoints2{7abb6f41-cf8b-11df-8fd2-c80aa945e5a8}
    ShellAutoRunCommand = G:Memorybar.exe

    HKCU….ExplorerMountPoints2{c8d82aa1-23ff-11e1-8c84-c80aa945e5a8}
    ShellAutoRunCommand = G:autorunner.exe “contenu clevotrekitsecu.htm”

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:2qqwc037]

    2- Removal report
    [spoiler:2qqwc037]############################## | UsbFix V 7.144 | [Suppression]

    Utilisateur: Anne-Laure (Administrateur) # ANNE-LAURE-PC
    Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 06:31:40 | 11/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Hewlett-Packard (1426)
    CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
    RAM -> [Total : 3958 | Free : 1768]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16721

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 453 Go (85 Go libre(s) – 19%) [] # NTFS
    D: -> Disque fixe # 13 Go (2 Go libre(s) – 16%) [RECOVERY] # NTFS
    E: -> Disque fixe # 99 Mo (95 Mo libre(s) – 96%) [HP_TOOLS] # FAT32
    F: -> CD-ROM
    G: -> Disque amovible # 249 Mo (226 Mo libre(s) – 91%) [] # NTFS

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [Easybits Recovery] – C:Program Files (x86)EasyBits For KidsezRecover.exe
    HKLMSOFTWAREwow6432Node | Run : [QlbCtrl.exe] – C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
    HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
    HKLMSOFTWAREwow6432Node | Run : [WirelessAssistant] – C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [LightScribe Control Panel] – C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [HPADVISOR] – C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe view=DOCKVIEW
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Google Update] – “C:UsersAnne-LaureAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Facebook Update] – “C:UsersAnne-LaureAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [bEWm2wMR] – wscript.exe //B “C:UsersANNE-L~1AppDataLocalTempbEWm2wMR.vbs”
    HKUS-1-5-21-1206609475-1614017735-952486975-1000SOFTWARE | Run : [Intel(R)Bl4] – C:UsersPublicIntel(R)Bl.exe
    HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [{91120000-002F-0000-0000-0000000FF1CE}] – C:Windowssystem32cmd.exe /C del “C:ProgramDataMicrosoft HelpRgstrtn.lck” /Q /A:H

    ################## | Processus Stoppés |

    Stoppé! c:Program FilesMicrosoft Security ClientMsMpEng.exe (ID 888 |ParentID 572)
    Stoppé! C:Windowssystem32atiesrxx.exe (ID 980 |ParentID 572)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID 1456 |ParentID 572)
    Stoppé! C:Program FilesRealtekAudioHDAAERTSr64.exe (ID 1668 |ParentID 572)
    Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1692 |ParentID 572)
    Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID 1716 |ParentID 572)
    Stoppé! C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe (ID 1804 |ParentID 572)
    Stoppé! C:Program Files (x86)RIFT TechnologiesInstallClick Connectorinstallclick.exe (ID 1856 |ParentID 572)
    Stoppé! C:Program Files (x86)Common FilesLightScribeLSSrvc.exe (ID 1880 |ParentID 572)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 1904 |ParentID 572)
    Stoppé! C:Program Files (x86)CyberLinkShared filesRichVideo.exe (ID 1952 |ParentID 572)
    Stoppé! C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe (ID 1988 |ParentID 572)
    Stoppé! C:Program Files (x86)SFRGestionnaire de ConnexionSFR.DashBoard.Service.exe (ID 1052 |ParentID 572)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2120 |ParentID 572)
    Stoppé! c:Program FilesMicrosoft Security ClientNisSrv.exe (ID 2564 |ParentID 572)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID 2752 |ParentID 572)
    Stoppé! C:Windowssystem32atieclxx.exe (ID 3020 |ParentID 980)
    Stoppé! C:Program Files (x86)RIFT TechnologiesInstallClick Connectorinstallclick-connector.exe (ID 1712 |ParentID 1856)
    Stoppé! C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (ID 1168 |ParentID 572)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 2944 |ParentID 572)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 2360 |ParentID 572)
    Stoppé! C:Windowssystem32taskhost.exe (ID 3640 |ParentID 572)
    Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 1148 |ParentID 1624)
    Stoppé! C:Program FilesRealtekAudioHDARtkNGUI64.exe (ID 3248 |ParentID 1624)
    Stoppé! C:Program Files (x86)RealtekAudioOSDRtVOsd64.exe (ID 3488 |ParentID 1624)
    Stoppé! C:Program FilesJavajre6binjusched.exe (ID 3924 |ParentID 1624)
    Stoppé! C:Program FilesMicrosoft Security Clientmsseces.exe (ID 1784 |ParentID 1624)
    Stoppé! C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe (ID 2108 |ParentID 1624)
    Stoppé! C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe (ID 3748 |ParentID 1624)
    Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 3552 |ParentID 1624)
    Stoppé! C:WindowsSystem32StikyNot.exe (ID 692 |ParentID 1624)
    Stoppé! C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID 1140 |ParentID 3224)
    Stoppé! C:UsersAnne-LaureAppDataRoamingcacaowebcacaoweb.exe (ID 3252 |ParentID 1624)
    Stoppé! C:WindowsSystem32wscript.exe (ID 992 |ParentID 1624)
    Stoppé! C:UsersAnne-LaureAppDataRoamingDropboxbinDropbox.exe (ID 3392 |ParentID 1624)
    Stoppé! C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID 4256 |ParentID 3120)
    Stoppé! C:Program Files (x86)HpHP Software Updatehpwuschd2.exe (ID 4272 |ParentID 3120)
    Stoppé! C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe (ID 4284 |ParentID 3120)
    Stoppé! C:Program Files (x86)iTunesiTunesHelper.exe (ID 4356 |ParentID 3120)
    Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 4364 |ParentID 3120)
    Stoppé! C:WindowsSysWOW64explorer.exe (ID 4840 |ParentID 4404)
    Stoppé! C:Program FilesiPodbiniPodService.exe (ID 4916 |ParentID 572)
    Stoppé! C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe (ID 3184 |ParentID 572)
    Stoppé! C:UsersPublicIntel(R)Bl.exe (ID 3912 |ParentID 4404)
    Stoppé! C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID 5244 |ParentID 572)
    Stoppé! C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 5512 |ParentID 572)
    Stoppé! C:Program Files (x86)Hewlett-PackardSharedhpqToaster.exe (ID 5596 |ParentID 744)
    Stoppé! C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe (ID 5632 |ParentID 5596)
    Stoppé! C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE (ID 6140 |ParentID 1624)
    Stoppé! C:WindowsSysWOW64mshta.exe (ID 5004 |ParentID 1624)
    Stoppé! C:WindowsSysWOW64mshta.exe (ID 5020 |ParentID 1624)
    Stoppé! C:WindowsSysWOW64WScript.exe (ID 6024 |ParentID 5004)
    Stoppé! C:Windowssystem32DllHost.exe (ID 5060 |ParentID 744)
    Stoppé! C:WindowsSysWOW64WScript.exe (ID 5296 |ParentID 5020)
    Stoppé! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 5884 |ParentID 4172)
    Stoppé! C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 6092 |ParentID 5884)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID 4812 |ParentID 168)
    Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID 7068 |ParentID 4108)
    Stoppé! C:UsersPublicIntel(R)Pl5.exe (ID 6476 |ParentID 6440)

    ################## | Éléments infectieux |

    Supprimé! G:bEWm2wMR.vbs
    Supprimé! C:UsersANNE-L~1AppDataLocalTempbEWm2wMR.vbs
    Supprimé! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupbEWm2wMR.vbs
    Supprimé! C:UsersAnne-LaureAppDataRoamingC2191E4ak.tmp
    Supprimé! C:UsersAnne-LaureAppDataRoamingC2191E4
    Supprimé! G:M1.lnk
    Supprimé! G:Nouveau dossier.lnk
    Supprimé! G:System Volume Information.lnk
    Supprimé! C:UsersPublic9eizmmD.vbe
    Supprimé! C:UsersPublic9stziemD.VBE
    Supprimé! C:UsersPublicIntel(R)Bl.exe
    Supprimé! C:UsersPublicIntel(R)Pl5.exe
    Supprimé! C:UsersAnne-LaureAppDataRoamingAnne-Laure-wchelper.dll
    Supprimé! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiz710bclD.lnk
    Supprimé! C:UsersAnne-LaureAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupIntel(R)Bl.exe
    Supprimé! C:UsersANNE-L~1AppDataLocalTempAnne-Laure7
    Supprimé! C:UsersANNE-L~1AppDataLocalTempAnne-Laure8
    Supprimé! C:UsersANNE-L~1AppDataLocalTempvf01.hta
    Supprimé! C:UsersANNE-L~1AppDataLocalTempyh.hta

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionRun|bEWm2wMR
    Supprimé! HKUS-1-5-21-1206609475-1614017735-952486975-1000SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    Supprimé! HKCU….ExplorerMountPoints2G
    Supprimé! HKCU….ExplorerMountPoints2{1318bacc-aba8-11e1-9e7f-c80aa945e5a8}
    Supprimé! HKCU….ExplorerMountPoints2{7abb6f41-cf8b-11df-8fd2-c80aa945e5a8}
    Supprimé! HKCU….ExplorerMountPoints2{c8d82aa1-23ff-11e1-8c84-c80aa945e5a8}

    ################## | Listing |

    [17/06/2012 – 10:49:57 | SHD ] C:$Recycle.Bin
    [01/12/2012 – 00:24:51 | N | 704793] C:bdlog.txt
    [24/01/2010 – 03:18:08 | SHD ] C:boot
    [14/07/2009 – 03:38:58 | RASH | 383562] C:bootmgr
    [13/11/2010 – 12:11:57 | D ] C:Dalloz
    [14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
    [11/10/2013 – 03:16:22 | ASH | 3112587264] C:hiberfil.sys
    [24/03/2010 – 02:05:19 | D ] C:HP
    [25/02/2013 – 12:55:43 | D ] C:Kreapixel
    [11/10/2013 – 03:16:53 | N | 115] C:log2.txt
    [02/12/2006 – 00:37:14 | N | 904704] C:msdia80.dll
    [23/01/2010 – 15:55:49 | RHD ] C:MSOCache
    [11/10/2013 – 03:16:22 | ASH | 4150116352] C:pagefile.sys
    [14/07/2009 – 05:20:08 | D ] C:PerfLogs
    [01/02/2013 – 21:30:18 | D ] C:Program Files
    [11/10/2013 – 06:24:08 | D ] C:Program Files (x86)
    [11/10/2013 – 04:51:02 | HD ] C:ProgramData
    [18/07/2010 – 09:56:33 | SHD ] C:Recovery
    [06/03/2012 – 21:00:09 | D ] C:SwSetup
    [11/10/2013 – 06:14:40 | SHD ] C:System Volume Information
    [18/07/2010 – 09:56:37 | D ] C:SYSTEM.SAV
    [11/10/2013 – 06:33:00 | D ] C:UsbFix
    [11/10/2013 – 06:34:26 | A | 13243] C:UsbFix [Clean 2] ANNE-LAURE-PC.txt
    [11/10/2013 – 06:30:22 | N | 14378] C:UsbFix [Scan 1] ANNE-LAURE-PC.txt
    [27/06/2012 – 21:02:53 | N | 488] C:user.js
    [25/10/2010 – 22:05:05 | RD ] C:Users
    [11/10/2013 – 04:57:56 | D ] C:Windows
    [18/07/2010 – 10:03:29 | SHD ] D:$RECYCLE.BIN
    [18/07/2010 – 10:03:25 | SHD ] D:boot
    [14/07/2009 – 20:39:00 | ASH | 383562] D:bootmgr
    [18/07/2010 – 10:03:25 | N | 0] D:BT_HP.FLG
    [24/03/2010 – 11:40:17 | N | 483] D:CSP.DAT
    [24/03/2010 – 11:48:08 | N | 12036] D:DeployRp.log
    [18/07/2010 – 10:03:25 | D ] D:hp
    [06/03/2012 – 20:44:29 | N | 19] D:HPSF_Rep.txt
    [20/09/2010 – 19:40:39 | N | 8] D:HP_WSD.dat
    [18/07/2010 – 10:03:25 | N | 22] D:language.ini
    [18/07/2010 – 10:03:25 | SHD ] D:preload
    [18/07/2010 – 10:03:25 | SD ] D:Recovery
    [24/03/2010 – 11:48:04 | N | 0] D:RPCONFIG.LOG
    [11/09/2010 – 11:30:20 | SHD ] D:System Volume Information
    [18/07/2010 – 10:03:26 | D ] D:system.sav
    [20/09/2010 – 19:40:40 | N | 8] E:HP_WSD.dat
    [24/03/2010 – 00:50:58 | D ] E:Hewlett-Packard
    [18/07/2010 – 10:03:30 | SHD ] E:$RECYCLE.BIN
    [06/03/2012 – 19:44:30 | N | 19] E:HPSF_Rep.txt
    [11/10/2013 – 05:45:58 | DC ] G:M1
    [11/10/2013 – 05:56:07 | DC ] G:Nouveau dossier
    [11/10/2013 – 06:00:36 | SHD ] G:System Volume Information

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:2qqwc037]

  • 2011N2
    Participant
    Post count: 27

    Hello,

    Did the removal with UsbFix not fix your problem?

    Gabriel.

The topic ‘Report submission’ is closed to new replies.