virus serge le lama 2013-12-23T17:29:36+00:00

Computer Troubleshooting: virus serge le lama

  • Author
    Posts
  • yannick
    Number of posts: 0

    ############################## | UsbFix V 7.155 | [Research]

    User: hp (Administrator) # PC-HP
    Updated 16/12/2013 by El Desaparecido – Team SosVirus
    Started at 18:11:56 | 23/12/2013

    Website : http://www.en.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    PC: Flextronics (3054)
    CPU: AMD Athlon(tm) Neo Processor MV-40
    RAM -> [Total : 1917 | Free : 633]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Mozilla Firefox : 26.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Fixed drive # 139 Gb (10 Mb free – 7%) [] # NTFS
    D: -> Fixed drive # 10 Gb (2 Mb free – 17%) [RECOVERY] # NTFS
    E: -> Fixed drive # 298 Gb (147 Mb free – 49%) [My Passport] # FAT32
    F: -> Removable drive # 2 Gb (2 Mb free – 89%) [TALITSKY] # FAT
    G: -> Fixed drive # 466 Gb (115 Mb free – 25%) [MEMORIA] # NTFS

    ################## | Active Processes |

    C:Windowssystem32csrss.exe (ID: 504 |ParentID: 492)
    C:Windowssystem32wininit.exe (ID: 576 |ParentID: 492)
    C:Windowssystem32csrss.exe (ID: 584 |ParentID: 568)
    C:Windowssystem32winlogon.exe (ID: 624 |ParentID: 568)
    C:Windowssystem32services.exe (ID: 652 |ParentID: 576)
    C:Windowssystem32lsass.exe (ID: 668 |ParentID: 576)
    C:Windowssystem32lsm.exe (ID: 676 |ParentID: 576)
    C:Windowssystem32svchost.exe (ID: 844 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 940 |ParentID: 652)
    C:WindowsSystem32svchost.exe (ID: 972 |ParentID: 652)
    C:Windowssystem32Ati2evxx.exe (ID: 1080 |ParentID: 652)
    C:WindowsSystem32svchost.exe (ID: 1116 |ParentID: 652)
    C:WindowsSystem32svchost.exe (ID: 1144 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 1160 |ParentID: 652)
    C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_827e372dSTacSV.exe (ID: 1184 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 1332 |ParentID: 652)
    C:Windowssystem32SLsvc.exe (ID: 1352 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 1384 |ParentID: 652)
    C:Windowssystem32Hpservice.exe (ID: 1512 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 1584 |ParentID: 652)
    C:Windowssystem32Ati2evxx.exe (ID: 1684 |ParentID: 1080)
    C:Windowssystem32WLANExt.exe (ID: 1800 |ParentID: 1144)
    C:WindowsExplorer.EXE (ID: 1868 |ParentID: 1824)
    C:Windowssystem32Dwm.exe (ID: 1876 |ParentID: 1144)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1896 |ParentID: 652)
    C:WindowsSystem32spoolsv.exe (ID: 568 |ParentID: 652)
    C:Windowssystem32taskeng.exe (ID: 420 |ParentID: 1160)
    C:Windowssystem32svchost.exe (ID: 1036 |ParentID: 652)
    C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 2296 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 2312 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 2380 |ParentID: 652)
    C:Program FilesRealNetworksRealDownloaderrndlresolversvc.exe (ID: 2592 |ParentID: 652)
    C:Program FilesSMINSTBLService.exe (ID: 2616 |ParentID: 652)
    C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 2640 |ParentID: 652)
    C:Windowssystem32svchost.exe (ID: 2688 |ParentID: 652)
    C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe (ID: 2740 |ParentID: 652)
    C:WindowsSystem32svchost.exe (ID: 2816 |ParentID: 652)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2856 |ParentID: 652)
    C:Windowssystem32SearchIndexer.exe (ID: 2900 |ParentID: 652)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3232 |ParentID: 2856)
    C:Program FilesApoint2KApoint.exe (ID: 3360 |ParentID: 1868)
    C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe (ID: 3384 |ParentID: 1868)
    C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe (ID: 3396 |ParentID: 1868)
    C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe (ID: 3404 |ParentID: 1868)
    C:Program FilesWindows DefenderMSASCui.exe (ID: 3432 |ParentID: 1868)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3440 |ParentID: 1868)
    C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3488 |ParentID: 1868)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3508 |ParentID: 1868)
    C:Program FilesHewlett-PackardMediaTVTVAgent.exe (ID: 3532 |ParentID: 1868)
    C:Program FilesRealRealPlayerUpdaterealsched.exe (ID: 3564 |ParentID: 1868)
    C:Program FilesIDTWDMsttray.exe (ID: 3576 |ParentID: 1868)
    C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3588 |ParentID: 1868)
    C:UsershpAppDataRoamingSpotifyDataSpotifyWebHelper.exe (ID: 3612 |ParentID: 1868)
    C:Program FilesSiber SystemsAI RoboFormrobotaskbaricon.exe (ID: 3628 |ParentID: 1868)
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3656 |ParentID: 1868)
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 3904 |ParentID: 3264)
    C:Program FilesApoint2KApntex.exe (ID: 2668 |ParentID: 1228)
    C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 3556 |ParentID: 652)
    C:Windowssystem32wbemwmiprvse.exe (ID: 2148 |ParentID: 844)
    C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 2356 |ParentID: 3904)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 3640 |ParentID: 652)
    C:Windowssystem32taskeng.exe (ID: 3376 |ParentID: 1160)
    C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 2228 |ParentID: 652)
    C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 1008 |ParentID: 844)
    C:Windowssystem32svchost.exe (ID: 4508 |ParentID: 652)
    c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4848 |ParentID: 652)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4640 |ParentID: 844)
    C:Program FilesMozilla Firefoxfirefox.exe (ID: 5600 |ParentID: 1868)
    C:Program FilesAresAres.exe (ID: 5296 |ParentID: 1868)
    C:Program FilesMozilla Firefoxplugin-container.exe (ID: 5756 |ParentID: 5600)
    C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 5408 |ParentID: 5756)
    C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 5292 |ParentID: 5408)
    C:WindowsSystem32WUDFHost.exe (ID: 4252 |ParentID: 1144)
    \?C:Windowssystem32wbemWMIADAP.EXE (ID: 5852 |ParentID: 1160)
    C:Windowssystem32taskeng.exe (ID: 2568 |ParentID: 1160)
    C:WindowsSystem32mobsync.exe (ID: 4228 |ParentID: 844)
    C:Windowssystem32SearchProtocolHost.exe (ID: 5384 |ParentID: 2900)
    C:Windowssystem32SearchFilterHost.exe (ID: 6120 |ParentID: 2900)
    C:UsbFixGo.exe (ID: 4812 |ParentID: 4304)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [Apoint] – C:Program FilesApoint2KApoint.exe
    04 – HKLMSOFTWARE | Run : [TSMAgent] – “C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe”
    04 – HKLMSOFTWARE | Run : [CLMLServer for HP TouchSmart] – “C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe”
    04 – HKLMSOFTWARE | Run : [SmartMenu] – %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [TVAgent] – “C:Program FilesHewlett-PackardMediaTVTVAgent.exe”
    04 – HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [TkBellExe] – “c:program filesrealrealplayerUpdaterealsched.exe” -osboot
    04 – HKLMSOFTWARE | Run : [20131121] – C:Program FilesAlwil SoftwareAvast5setupemupdate6d59a6c-af3b-46c2-9530-b90eef7101d1.exe /check
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Rainlendar2] – C:Program FilesRainlendar2Rainlendar2.exe
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Power2GoExpress] –
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Google Update] – “C:UsershpAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Spotify Web Helper] – “C:UsershpAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [SergeLeLama] – wscript.exe //B “C:UsershpAppDataLocalTempSergeLeLama.vbs”
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [RoboForm] – “C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe”

    ################## | Generic Research |

    Found ! C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Found ! C:UsershpAppDataLocalTempSergeLeLama.vbs
    Found ! F:SergeLeLama.vbs
    Found ! E:setup.exe
    Found ! D:New Folder.lnk
    Found ! D:Passwords.lnk
    Found ! D:Documents.lnk
    Found ! D:Pictures.lnk
    Found ! D:Music.lnk
    Found ! D:Video.lnk
    Found ! F:Licence-4.lnk
    Found ! F:Licence.lnk
    Found ! F:Expression.lnk
    Found ! F:Licence-1.lnk
    Found ! F:Licence-2.lnk
    Found ! F:Licence-3.lnk
    Found ! F:Sujet 5.lnk
    Found ! F:Mapa espana 1400.lnk
    Found ! F:.Trash-1001.lnk
    Found ! F:Sequia en Lorca.lnk
    Found ! F:formulaire_prelevementsoppositionrevocation.lnk
    Found ! D:qlvois.exe
    Found ! E:qlvois.exe
    Found ! G:autorun.inf

    ################## | Reference of comparison MD5 |

    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataLocalTempSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:SergeLeLama.vbs

    ################## | Comparison MD5 |

    Found ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataLocalTempSergeLeLama.vbs
    Found ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Found ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:.Trash-1001filesSergeLeLama.vbs
    Found ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:SergeLeLama.vbs

    ################## | Registry |

    Found ! HKUS-1-5-21-3376187227-3396461633-3672269599-1000SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Found ! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Found ! HKUS-1-5-21-3376187227-3396461633-3672269599-1000SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Found ! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama

    ################## | Vaccin |

    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8362

    hi there :E :hello:

    run UsbFix again, click Deletion, then post the resulting report 🙂

  • yannick
    Number of posts: 0

    ############################## | UsbFix V 7.155 | [Deletion]

    User: hp (Administrator) # PC-HP
    Updated 16/12/2013 by El Desaparecido – Team SosVirus
    Started at 13:13:26 | 31/12/2013

    Website : http://www.en.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    PC: Flextronics (3054)
    CPU: AMD Athlon(tm) Neo Processor MV-40
    RAM -> [Total : 1917 | Free : 721]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Mozilla Firefox : 26.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Fixed drive # 139 Gb (10 Mb free – 7%) [] # NTFS
    D: -> Fixed drive # 10 Gb (2 Mb free – 17%) [RECOVERY] # NTFS
    F: -> Removable drive # 2 Gb (2 Mb free – 89%) [TALITSKY] # FAT

    ################## | Stopped processes |

    Stopped! C:Windowssystem32Ati2evxx.exe (ID: 1104 |ParentID: 672)
    Stopped! C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_827e372dSTacSV.exe (ID: 1204 |ParentID: 672)
    Stopped! C:Windowssystem32SLsvc.exe (ID: 1360 |ParentID: 672)
    Stopped! C:Windowssystem32Hpservice.exe (ID: 1516 |ParentID: 672)
    Stopped! C:Windowssystem32WLANExt.exe (ID: 1764 |ParentID: 1156)
    Stopped! C:Windowssystem32Ati2evxx.exe (ID: 1788 |ParentID: 1104)
    Stopped! C:WindowsExplorer.EXE (ID: 1920 |ParentID: 1852)
    Stopped! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1960 |ParentID: 672)
    Stopped! C:WindowsSystem32spoolsv.exe (ID: 496 |ParentID: 672)
    Stopped! C:Windowssystem32taskeng.exe (ID: 600 |ParentID: 1172)
    Stopped! C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 2296 |ParentID: 672)
    Stopped! C:Program FilesRealNetworksRealDownloaderrndlresolversvc.exe (ID: 2492 |ParentID: 672)
    Stopped! C:Program FilesSMINSTBLService.exe (ID: 2584 |ParentID: 672)
    Stopped! C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 2624 |ParentID: 672)
    Stopped! C:Program FilesHewlett-PackardMediaTVKernelTVTVCapSvc.exe (ID: 2728 |ParentID: 672)
    Stopped! C:Program FilesHewlett-PackardMediaTVKernelTVTVSched.exe (ID: 2764 |ParentID: 672)
    Stopped! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2836 |ParentID: 672)
    Stopped! C:Windowssystem32SearchIndexer.exe (ID: 2892 |ParentID: 672)
    Stopped! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3000 |ParentID: 2836)
    Stopped! C:Program FilesApoint2KApoint.exe (ID: 3324 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe (ID: 3356 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe (ID: 3388 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe (ID: 3396 |ParentID: 1920)
    Stopped! C:Program FilesWindows DefenderMSASCui.exe (ID: 3424 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 3432 |ParentID: 1920)
    Stopped! C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 3484 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 3492 |ParentID: 1920)
    Stopped! C:Program FilesHewlett-PackardMediaTVTVAgent.exe (ID: 3504 |ParentID: 1920)
    Stopped! C:Program FilesRealRealPlayerUpdaterealsched.exe (ID: 3556 |ParentID: 1920)
    Stopped! C:Program FilesIDTWDMsttray.exe (ID: 3576 |ParentID: 1920)
    Stopped! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3584 |ParentID: 1920)
    Stopped! C:UsershpAppDataRoamingSpotifyDataSpotifyWebHelper.exe (ID: 3616 |ParentID: 1920)
    Stopped! C:Program FilesSiber SystemsAI RoboFormrobotaskbaricon.exe (ID: 3636 |ParentID: 1920)
    Stopped! C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3660 |ParentID: 1920)
    Stopped! C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 3876 |ParentID: 3292)
    Stopped! C:Program FilesApoint2KApntex.exe (ID: 2376 |ParentID: 1112)
    Stopped! C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 3316 |ParentID: 672)
    Stopped! C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 3224 |ParentID: 672)
    Stopped! C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 3904 |ParentID: 3876)
    Stopped! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 2996 |ParentID: 672)
    Stopped! C:Windowssystem32taskeng.exe (ID: 3712 |ParentID: 1172)
    Stopped! C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 2920 |ParentID: 856)
    Stopped! C:Program FilesMozilla Firefoxfirefox.exe (ID: 4840 |ParentID: 1920)
    Stopped! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4892 |ParentID: 672)
    Stopped! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 4780 |ParentID: 4840)
    Stopped! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 4680 |ParentID: 4780)
    Stopped! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 4080 |ParentID: 4680)
    Stopped! C:WindowsSystem32WUDFHost.exe (ID: 6064 |ParentID: 1156)
    Stopped! C:WindowsSystem32mobsync.exe (ID: 2372 |ParentID: 856)
    Stopped! C:Program FilesWindows Media Playerwmplayer.exe (ID: 1976 |ParentID: 2372)
    Stopped! C:WindowsSystem32WUDFHost.exe (ID: 3748 |ParentID: 1156)
    Stopped! C:Windowssystem32conime.exe (ID: 4112 |ParentID: 4184)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [Apoint] – C:Program FilesApoint2KApoint.exe
    04 – HKLMSOFTWARE | Run : [TSMAgent] – “C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe”
    04 – HKLMSOFTWARE | Run : [CLMLServer for HP TouchSmart] – “C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe”
    04 – HKLMSOFTWARE | Run : [SmartMenu] – %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [TVAgent] – “C:Program FilesHewlett-PackardMediaTVTVAgent.exe”
    04 – HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [TkBellExe] – “c:program filesrealrealplayerUpdaterealsched.exe” -osboot
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Rainlendar2] – C:Program FilesRainlendar2Rainlendar2.exe
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Power2GoExpress] –
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Google Update] – “C:UsershpAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Spotify Web Helper] – “C:UsershpAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [SergeLeLama] – wscript.exe //B “C:UsershpAppDataLocalTempSergeLeLama.vbs”
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [RoboForm] – “C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe”

    ################## | Generic Research |

    Deleted ! C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Deleted ! C:UsershpAppDataLocalTempSergeLeLama.vbs
    Deleted ! F:SergeLeLama.vbs
    Deleted ! D:New Folder.lnk
    Deleted ! D:Passwords.lnk
    Deleted ! D:Documents.lnk
    Deleted ! D:Pictures.lnk
    Deleted ! D:Music.lnk
    Deleted ! D:Video.lnk
    Deleted ! F:Licence.lnk
    Deleted ! F:Licence-4.lnk
    Deleted ! F:Expression.lnk
    Deleted ! F:Licence-1.lnk
    Deleted ! F:Licence-2.lnk
    Deleted ! F:Licence-3.lnk
    Deleted ! F:Sujet 5.lnk
    Deleted ! F:Mapa espana 1400.lnk
    Deleted ! F:.Trash-1001.lnk
    Deleted ! F:Sequia en Lorca.lnk
    Deleted ! F:formulaire_prelevementsoppositionrevocation.lnk
    Deleted ! F:autorun.inf.lnk
    Deleted ! D:qlvois.exe

    ################## | Reference of comparison MD5 |

    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> C:UsershpAppDataLocalTempSergeLeLama.vbs
    Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:SergeLeLama.vbs

    ################## | Comparison MD5 |

    Deleted ! Md5 : 60D849CC9B4307DBD85271D3DF0A9915 -> F:.Trash-1001filesSergeLeLama.vbs

    ################## | Registry |

    Deleted ! HKUS-1-5-21-3376187227-3396461633-3672269599-1000SoftwareMicrosoftWindowsCurrentVersionRun|SergeLeLama
    Deleted ! HKUS-1-5-21-3376187227-3396461633-3672269599-1000Software….Mountpoints2{37f7e0a8-5cb6-11de-8764-0021cc37bac4}
    Deleted ! HKUS-1-5-21-3376187227-3396461633-3672269599-1000Software….Mountpoints2{561b3af1-a03c-11de-8a7c-0021cc37bac4}

    ################## | Listing |

    [09/05/2013 – 22:27:14 | N | 1 Ko] – C:DelFix.txt
    [23/12/2013 – 18:21:52 | N | 13 Ko] – C:UsbFix [Scan 1] PC-HP.txt
    [31/12/2013 – 13:21:06 | A | 11 Ko] – C:UsbFix [Clean 1] PC-HP.txt
    [31/12/2013 – 12:26:07 | ASH | 2270464 Ko] – C:pagefile.sys
    [13/05/2009 – 11:55:28 | D] – C:System.sav
    [13/05/2009 – 15:55:43 | SD] – C:$RECYCLE.BIN
    [09/05/2013 – 20:48:48 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 03:43:50 | D] – C:PerfLogs
    [11/04/2009 – 07:36:36 | RAS | 325 Ko] – C:bootmgr
    [13/05/2009 – 11:52:43 | D] – C:Programmi
    [13/05/2009 – 11:53:06 | D] – C:Users
    [20/08/2009 – 19:19:05 | SHD] – C:boot
    [23/11/2009 – 07:47:02 | D] – C:HP
    [10/01/2010 – 01:35:36 | D] – C:My Music
    [29/12/2011 – 23:21:48 | D] – C:Manual-PCProgram
    [27/06/2013 – 12:49:45 | N | 0 Ko] – C:END
    [05/10/2013 – 08:33:46 | D] – C:SwSetup
    [21/12/2013 – 23:20:15 | D] – C:Program Files
    [23/12/2013 – 11:20:47 | D] – C:Windows
    [25/12/2013 – 11:32:01 | SD] – C:System Volume Information
    [31/12/2013 – 12:27:19 | HD] – C:ProgramData
    [31/12/2013 – 13:04:23 | D] – C:Temp
    [31/12/2013 – 13:20:55 | D] – C:UsbFix
    [12/08/2003 – 09:37:30 | S | 178 Ko] – D:protect.turkish
    [10/09/2002 – 13:15:06 | S | 177 Ko] – D:protect.swedish
    [03/11/2005 – 14:11:46 | S | 177 Ko] – D:protect.spanish
    [04/07/2007 – 10:46:44 | S | 178 Ko] – D:protect.slovak
    [28/06/2004 – 07:52:46 | S | 207 Ko] – D:protect.russian
    [15/09/2008 – 14:57:54 | S | 177 Ko] – D:protect.romanian
    [13/05/2009 – 11:54:07 | N | 0 Ko] – D:BLOCK.RIN
    [27/10/2005 – 18:24:10 | S | 178 Ko] – D:protect.portuguese brazilian
    [03/11/2005 – 14:13:12 | S | 177 Ko] – D:protect.portuguese
    [25/04/2006 – 13:44:10 | S | 178 Ko] – D:protect.polish
    [03/11/2005 – 14:15:12 | S | 177 Ko] – D:protect.norwegian
    [31/12/2013 – 12:26:51 | N | 0 Ko] – D:MASTER.LOG
    [24/11/2005 – 10:24:44 | S | 213 Ko] – D:protect.korean
    [19/06/2007 – 14:22:10 | S | 178 Ko] – D:protect.japanese
    [03/11/2005 – 14:17:00 | S | 177 Ko] – D:protect.italian
    [04/11/2008 – 16:37:42 | SH | 1 Ko] – D:Desktop.ini
    [23/12/2013 – 18:21:52 | RASHD] – D:Autorun.inf
    [28/08/2007 – 13:58:08 | N | 177 Ko] – D:protect.hungarian
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [23/01/2006 – 08:18:00 | S | 178 Ko] – D:protect.hebrew
    [23/11/2005 – 14:56:46 | S | 178 Ko] – D:protect.greek
    [03/11/2005 – 14:18:10 | S | 177 Ko] – D:protect.german
    [03/11/2005 – 14:19:52 | S | 177 Ko] – D:protect.french
    [03/11/2005 – 14:20:20 | S | 177 Ko] – D:protect.finnish
    [22/11/2004 – 14:28:30 | S | 177 Ko] – D:protect.english
    [10/09/2002 – 12:50:18 | S | 177 Ko] – D:protect.ed
    [10/09/2002 – 12:56:12 | S | 177 Ko] – D:protect.dutch
    [03/11/2005 – 14:21:26 | S | 177 Ko] – D:protect.danish
    [27/04/2006 – 15:19:40 | S | 178 Ko] – D:protect.czech
    [16/09/2002 – 13:37:48 | S | 178 Ko] – D:protect.chinese traditional
    [16/09/2002 – 13:37:40 | S | 178 Ko] – D:protect.chinese simplified
    [16/09/2002 – 13:37:48 | S | 178 Ko] – D:protect.chinese hong kong
    [15/09/2008 – 14:57:58 | S | 178 Ko] – D:protect.bulgarian
    [13/05/2009 – 15:55:43 | SD] – D:$RECYCLE.BIN
    [12/09/2008 – 16:17:38 | S | 373 Ko] – D:protect.arabic
    [03/10/2006 – 22:02:44 | S | 428 Ko] – D:bootmgr
    [29/03/2009 – 20:49:13 | RD] – D:RECOVERY
    [29/03/2009 – 20:49:14 | RSHD] – D:boot
    [29/03/2009 – 20:49:22 | D] – D:WINDOWS
    [29/03/2009 – 20:49:22 | RSHD] – D:SOURCES
    [29/03/2009 – 20:49:23 | RSHD] – D:PRELOAD
    [29/03/2009 – 20:49:37 | D] – D:Tools
    [29/03/2009 – 20:49:38 | D] – D:HP
    [15/06/2009 – 17:22:27 | SD] – D:System Volume Information
    [18/11/2013 – 17:23:16 | N | 69718 Ko] – F:Sujet 5.VOB
    [17/12/2013 – 09:19:56 | D] – F:.Trash-1001
    [14/12/2013 – 22:16:26 | N | 1262 Ko] – F:Mapa espana 1400.pdf
    [16/12/2013 – 09:10:54 | N | 74 Ko] – F:Licence-4.pdf
    [16/12/2013 – 09:11:56 | N | 84 Ko] – F:Licence.pdf
    [16/12/2013 – 09:12:40 | N | 86 Ko] – F:Expression.pdf
    [16/12/2013 – 09:13:10 | N | 71 Ko] – F:Licence-1.pdf
    [16/12/2013 – 09:13:42 | N | 91 Ko] – F:Licence-2.pdf
    [16/12/2013 – 09:14:06 | N | 84 Ko] – F:Licence-3.pdf
    [17/12/2013 – 21:01:08 | N | 40 Ko] – F:formulaire_prelevementsoppositionrevocation.pdf
    [17/12/2013 – 12:23:52 | N | 21 Ko] – F:Sequia en Lorca.odt
    [23/12/2013 – 18:33:48 | SHD] – F:autorun.inf

    ################## | Vaccin |

    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • yannick
    Number of posts: 0

    Hello! 😀
    There is nothing left on my USB key! Is that normal??? :surpris:
    Also, I only did it with 2 keys because I only have USB ports. Do I have to redo it with the others, or is it not worth it?

  • Anonyme
    Number of posts: 0

    Hello :hello: ,

    There is this on your F key:

    [18/11/2013 – 17:23:16 | N | 69718 Ko] – F:Sujet 5.VOB
    [17/12/2013 – 09:19:56 | D] – F:.Trash-1001
    [14/12/2013 – 22:16:26 | N | 1262 Ko] – F:Mapa espana 1400.pdf
    [16/12/2013 – 09:10:54 | N | 74 Ko] – F:Licence-4.pdf
    [16/12/2013 – 09:11:56 | N | 84 Ko] – F:Licence.pdf
    [16/12/2013 – 09:12:40 | N | 86 Ko] – F:Expression.pdf
    [16/12/2013 – 09:13:10 | N | 71 Ko] – F:Licence-1.pdf
    [16/12/2013 – 09:13:42 | N | 91 Ko] – F:Licence-2.pdf
    [16/12/2013 – 09:14:06 | N | 84 Ko] – F:Licence-3.pdf
    [17/12/2013 – 21:01:08 | N | 40 Ko] – F:formulaire_prelevementsoppositionrevocation.pdf
    [17/12/2013 – 12:23:52 | N | 21 Ko] – F:Sequia en Lorca.odt

    Can't you see these items?

    Do I have to redo it with the others, or is it not worth it?

    Yes, you need to do it with the others and send us the reports, please

  • yannick
    Number of posts: 0

    ############################## | UsbFix V 7.155 | [Deletion]

    User: hp (Administrator) # PC-HP
    Updated 16/12/2013 by El Desaparecido – Team SosVirus
    Started at 15:35:41 | 31/12/2013

    Website : http://www.en.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    PC: Flextronics (3054)
    CPU: AMD Athlon(tm) Neo Processor MV-40
    RAM -> [Total : 1917 | Free : 770]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Mozilla Firefox : 26.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Fixed drive # 139 Gb (10 Mb free – 7%) [] # NTFS
    D: -> Fixed drive # 10 Gb (2 Mb free – 17%) [RECOVERY] # NTFS
    G: -> Fixed drive # 466 Gb (115 Mb free – 25%) [MEMORIA] # NTFS

    ################## | Stopped processes |

    Stopped! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1960 |ParentID: 672)
    Stopped! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3584 |ParentID: 1920)
    Stopped! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 5532 |ParentID: 672)
    Stopped! C:WindowsSystem32WUDFHost.exe (ID: 5604 |ParentID: 1156)
    Stopped! C:WindowsSystem32rundll32.exe (ID: 1564 |ParentID: 856)
    Stopped! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 5684 |ParentID: 672)
    Stopped! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2988 |ParentID: 5684)
    Stopped! C:Windowssystem32SearchIndexer.exe (ID: 4772 |ParentID: 672)
    Stopped! C:Windowssystem32taskeng.exe (ID: 5600 |ParentID: 1172)
    Stopped! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 4336 |ParentID: 672)
    Stopped! C:Windowssystem32taskeng.exe (ID: 1020 |ParentID: 1172)
    Stopped! C:WindowsSystem32spoolsv.exe (ID: 2024 |ParentID: 672)
    Stopped! C:Windowssystem32SLsvc.exe (ID: 1972 |ParentID: 672)
    Stopped! C:WindowsSystem32rundll32.exe (ID: 4152 |ParentID: 856)
    Stopped! C:WindowsExplorer.exe (ID: 5968 |ParentID: 4508)
    Stopped! C:Program FilesMozilla Firefoxfirefox.exe (ID: 1804 |ParentID: 5968)
    Stopped! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 4916 |ParentID: 1804)
    Stopped! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 152 |ParentID: 4916)
    Stopped! C:Windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_170.exe (ID: 3240 |ParentID: 152)
    Stopped! C:Program FilesAresAres.exe (ID: 4648 |ParentID: 5968)
    Stopped! C:WindowsSystem32mobsync.exe (ID: 4368 |ParentID: 856)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [Apoint] – C:Program FilesApoint2KApoint.exe
    04 – HKLMSOFTWARE | Run : [TSMAgent] – “C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe”
    04 – HKLMSOFTWARE | Run : [CLMLServer for HP TouchSmart] – “C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe”
    04 – HKLMSOFTWARE | Run : [SmartMenu] – %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
    04 – HKLMSOFTWARE | Run : [UpdateLBPShortCut] – “C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkLabelPrint” UpdateWithCreateOnce “SoftwareCyberLinkLabelPrint2.5”
    04 – HKLMSOFTWARE | Run : [Windows Defender] – %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLMSOFTWARE | Run : [QlbCtrl.exe] – C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLMSOFTWARE | Run : [UpdatePDIRShortCut] – “C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkPowerDirector” UpdateWithCreateOnce “SOFTWARECyberLinkPowerDirector7.0”
    04 – HKLMSOFTWARE | Run : [HP Health Check Scheduler] – c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLMSOFTWARE | Run : [HP Software Update] – C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLMSOFTWARE | Run : [WirelessAssistant] – C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLMSOFTWARE | Run : [TVAgent] – “C:Program FilesHewlett-PackardMediaTVTVAgent.exe”
    04 – HKLMSOFTWARE | Run : [Microsoft Default Manager] – “C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [TkBellExe] – “c:program filesrealrealplayerUpdaterealsched.exe” -osboot
    04 – HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
    04 – HKLMSOFTWARE | Run : [AvastUI.exe] – “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Rainlendar2] – C:Program FilesRainlendar2Rainlendar2.exe
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Power2GoExpress] –
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Google Update] – “C:UsershpAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [Spotify Web Helper] – “C:UsershpAppDataRoamingSpotifyDataSpotifyWebHelper.exe”
    04 – HKUS-1-5-21-3376187227-3396461633-3672269599-1000SOFTWARE | Run : [RoboForm] – “C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe”

    ################## | Generic Research |

    Deleted ! E:setup.exe
    Deleted ! E:qlvois.exe

    ################## | Registry |

    ################## | Listing |

    [09/05/2013 – 22:27:14 | N | 1 Ko] – C:DelFix.txt
    [23/12/2013 – 18:21:52 | N | 13 Ko] – C:UsbFix [Scan 1] PC-HP.txt
    [31/12/2013 – 13:21:07 | N | 15 Ko] – C:UsbFix [Clean 1] PC-HP.txt
    [31/12/2013 – 15:37:18 | A | 6 Ko] – C:UsbFix [Clean 2] PC-HP.txt
    [31/12/2013 – 12:26:07 | ASH | 2270464 Ko] – C:pagefile.sys
    [13/05/2009 – 11:55:28 | D] – C:System.sav
    [13/05/2009 – 15:55:43 | SD] – C:$RECYCLE.BIN
    [09/05/2013 – 20:48:48 | A | 0 Ko] – C:autoexec.bat
    [02/11/2006 – 13:59:44 | SHD] – C:Documents and Settings
    [21/01/2008 – 03:43:50 | D] – C:PerfLogs
    [11/04/2009 – 07:36:36 | RAS | 325 Ko] – C:bootmgr
    [13/05/2009 – 11:52:43 | D] – C:Programmi
    [13/05/2009 – 11:53:06 | D] – C:Users
    [20/08/2009 – 19:19:05 | SHD] – C:boot
    [23/11/2009 – 07:47:02 | D] – C:HP
    [10/01/2010 – 01:35:36 | D] – C:My Music
    [29/12/2011 – 23:21:48 | D] – C:Manual-PCProgram
    [27/06/2013 – 12:49:45 | N | 0 Ko] – C:END
    [05/10/2013 – 08:33:46 | D] – C:SwSetup
    [21/12/2013 – 23:20:15 | D] – C:Program Files
    [23/12/2013 – 11:20:47 | D] – C:Windows
    [25/12/2013 – 11:32:01 | SD] – C:System Volume Information
    [31/12/2013 – 12:27:19 | HD] – C:ProgramData
    [31/12/2013 – 13:04:23 | D] – C:Temp
    [31/12/2013 – 15:35:45 | D] – C:UsbFix
    [12/08/2003 – 09:37:30 | S | 178 Ko] – D:protect.turkish
    [10/09/2002 – 13:15:06 | S | 177 Ko] – D:protect.swedish
    [03/11/2005 – 14:11:46 | S | 177 Ko] – D:protect.spanish
    [04/07/2007 – 10:46:44 | S | 178 Ko] – D:protect.slovak
    [28/06/2004 – 07:52:46 | S | 207 Ko] – D:protect.russian
    [15/09/2008 – 14:57:54 | S | 177 Ko] – D:protect.romanian
    [13/05/2009 – 11:54:07 | N | 0 Ko] – D:BLOCK.RIN
    [27/10/2005 – 18:24:10 | S | 178 Ko] – D:protect.portuguese brazilian
    [03/11/2005 – 14:13:12 | S | 177 Ko] – D:protect.portuguese
    [25/04/2006 – 13:44:10 | S | 178 Ko] – D:protect.polish
    [03/11/2005 – 14:15:12 | S | 177 Ko] – D:protect.norwegian
    [31/12/2013 – 12:26:51 | N | 0 Ko] – D:MASTER.LOG
    [24/11/2005 – 10:24:44 | S | 213 Ko] – D:protect.korean
    [19/06/2007 – 14:22:10 | S | 178 Ko] – D:protect.japanese
    [03/11/2005 – 14:17:00 | S | 177 Ko] – D:protect.italian
    [04/11/2008 – 16:37:42 | SH | 1 Ko] – D:Desktop.ini
    [31/12/2013 – 13:21:06 | RASHD] – D:Autorun.inf
    [28/08/2007 – 13:58:08 | N | 177 Ko] – D:protect.hungarian
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [23/01/2006 – 08:18:00 | S | 178 Ko] – D:protect.hebrew
    [23/11/2005 – 14:56:46 | S | 178 Ko] – D:protect.greek
    [03/11/2005 – 14:18:10 | S | 177 Ko] – D:protect.german
    [03/11/2005 – 14:19:52 | S | 177 Ko] – D:protect.french
    [03/11/2005 – 14:20:20 | S | 177 Ko] – D:protect.finnish
    [22/11/2004 – 14:28:30 | S | 177 Ko] – D:protect.english
    [10/09/2002 – 12:50:18 | S | 177 Ko] – D:protect.ed
    [10/09/2002 – 12:56:12 | S | 177 Ko] – D:protect.dutch
    [03/11/2005 – 14:21:26 | S | 177 Ko] – D:protect.danish
    [27/04/2006 – 15:19:40 | S | 178 Ko] – D:protect.czech
    [16/09/2002 – 13:37:48 | S | 178 Ko] – D:protect.chinese traditional
    [16/09/2002 – 13:37:40 | S | 178 Ko] – D:protect.chinese simplified
    [16/09/2002 – 13:37:48 | S | 178 Ko] – D:protect.chinese hong kong
    [15/09/2008 – 14:57:58 | S | 178 Ko] – D:protect.bulgarian
    [13/05/2009 – 15:55:43 | SD] – D:$RECYCLE.BIN
    [12/09/2008 – 16:17:38 | S | 373 Ko] – D:protect.arabic
    [03/10/2006 – 22:02:44 | S | 428 Ko] – D:bootmgr
    [29/03/2009 – 20:49:13 | RD] – D:RECOVERY
    [29/03/2009 – 20:49:14 | RSHD] – D:boot
    [29/03/2009 – 20:49:22 | D] – D:WINDOWS
    [29/03/2009 – 20:49:22 | RSHD] – D:SOURCES
    [29/03/2009 – 20:49:23 | RSHD] – D:PRELOAD
    [29/03/2009 – 20:49:37 | D] – D:Tools
    [29/03/2009 – 20:49:38 | D] – D:HP
    [15/06/2009 – 17:22:27 | SD] – D:System Volume Information
    [07/11/2008 – 14:56:34 | N | 42 Ko] – E:wdinstaller.xml
    [06/11/2008 – 15:49:04 | N | 0 Ko] – E:Install.ini
    [23/12/2013 – 18:21:54 | RASHD] – E:Autorun.inf
    [24/04/2004 – 11:38:56 | N | 37 Ko | D7AA80A5EF4FB2B7AD6EFC3CDAD677F3] – E:JSTART.exe
    [08/02/2008 – 12:44:38 | N | 4467 Ko | BE2C2100D62C8AF2EF7FFE02A3E29E79] – E:WDSync.exe
    [25/11/2008 – 11:03:44 | N | 2271 Ko | 4668661CDA9B43334BE7E171833E323D] – E:WDSetup.exe
    [06/09/2009 – 11:41:42 | SHD] – E:$RECYCLE.BIN
    [08/12/2008 – 10:18:56 | D] – E:WD_Windows_Tools
    [08/12/2008 – 10:19:32 | D] – E:Documentation
    [08/12/2008 – 10:19:36 | D] – E:autorun
    [08/05/2009 – 20:33:26 | D] – E:Teat la cour
    [24/07/2009 – 13:41:50 | D] – E:Film
    [25/08/2009 – 19:16:34 | D] – E:Anime
    [04/09/2009 – 08:43:38 | SHD] – E:System Volume Information
    [24/01/2010 – 13:50:18 | D] – E:Musik
    [03/03/2011 – 12:23:00 | D] – E:RENZO
    [03/03/2011 – 15:02:46 | D] – E:Recycled
    [23/03/2011 – 00:17:32 | D] – E:Music
    [23/12/2013 – 18:21:52 | RASHD] – G:Autorun.inf
    [21/03/2008 – 08:41:00 | N | 70 Ko] – G:Maxtor_Desktop.ico
    [26/08/2008 – 17:14:53 | N | 52 Ko] – G:DIPLOMES_FRANCAIS.doc
    [29/10/2008 – 15:58:49 | N | 72 Ko] – G:curriculum.doc
    [29/05/2008 – 18:52:08 | N | 1 Ko] – G:MediaID.bin
    [03/01/2012 – 20:11:24 | SHD] – G:$RECYCLE.BIN
    [29/05/2008 – 18:57:12 | D] – G:PC-DE-YAYA
    [14/03/2009 – 20:18:43 | D] – G:288ff452cfd6c937eb
    [14/03/2009 – 20:18:46 | D] – G:22fd487b6db0e4b46b208e
    [14/03/2009 – 20:37:22 | D] – G:2a34052de12fc87a507279
    [15/03/2009 – 13:52:42 | D] – G:ed49e0da6139981615a5f5612e12
    [15/03/2009 – 13:53:43 | D] – G:bf35e38fbce6f8cd9ccebf3bdb2a478a
    [15/03/2009 – 13:54:40 | D] – G:8230c3a40b4c1a0f532694
    [25/08/2009 – 04:51:38 | SHD] – G:System Volume Information
    [26/08/2009 – 09:54:10 | SHD] – G:RECYCLER
    [11/09/2009 – 12:43:03 | D] – G:Fotitos
    [28/03/2011 – 20:21:12 | D] – G:Document
    [28/03/2011 – 20:22:24 | D] – G:Nueva carpeta
    [30/03/2011 – 07:40:01 | D] – G:JAZZ-SOUL-FUNK08
    [30/03/2011 – 07:40:08 | D] – G:musica
    [30/03/2011 – 07:44:31 | D] – G:JAZZ-SOUL-FUNK 07
    [19/06/2011 – 02:01:43 | D] – G:6bbd16f0c5d17c516c84f367
    [19/06/2011 – 02:45:02 | D] – G:4c98817715a0b192f6297a2212
    [03/01/2012 – 22:37:57 | D] – G:Immagini Pauline
    [03/01/2012 – 23:51:33 | D] – G:Documents
    [15/01/2012 – 12:31:06 | D] – G:Videos
    [08/09/2012 – 23:55:23 | D] – G:Music

    ################## | Vaccin |

    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Anonyme
    Number of posts: 0

    No more USB drives left to scan?

    Restart the PC and tell me whether you can see the contents of your USB drives, please.

  • yannick
    Number of posts: 0

    All the USB drives have been scanned, and all my documents show up normally.
    Thank you very much and happy New Year's Eve 😀

  • Anonyme
    Number of posts: 0

    Happy New Year's Eve 🙂


The topic ‘virus serge le lama’ is closed to new replies.