Apparemment problèmes détectés

[pear]

Pas grand chose !

 

J'aurais aimé recevoir les 5 rapports de Rogue killer dont vous n'vaez posté que le premier(Scan).

Il faut savoir que Spybot utilise une technologie dépassée.

Si vous ajoutez à cela les problèmes causés par la vaccination qui ralentit le système et TeaTimer qui peut faire obstacle à une désinfection.....

Préférez lui Malwarebytes' Anti-Malware (MBAM)bien plus efficace bien que ,en version libre ,il ne soit pas résident.

 

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Sous Vista, exécuter avec privilèges Administrateur

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Effacer le contenu du dossier Snapshots(le contenu de snapshots, pas le fichier snapshots) , sous XP :

C:\Documents and Settings\All Users\Application Data\Spybot - Search &Destroy\Snapshots

Et sous Vista :

C:\ProgramData\Spybot - Search & Destroy\Snapshots

 

 

Vaccination Spybot

Si ,dans Spybot S&D vous avez vacciné, allez à l'onglet "vaccination"

cliquez sur "Vaccination" dans la colonne sur la gauche :

Cliquez sur annuler (la flèche bleue) pour annuler la vaccination.

 

Désinstaller Spybot

 

 

 

 

 

Télécharger Usb Fix sur le bureau

 

Installez le avec les paramètres par défault

Vous devez désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Brancher les périphériques externes (clé USB, disque dur externe, etc...) sans les ouvrir

Si vous êtes sous Vistaésactiver L'UAC ,avant utilisation.

 

Faire un Clic-droit sur le raccourci Usbfix sur le bureau et choisir "Exécuter en tant qu'administrateur".

 

Lancer l' option Recherche

le rapport UsbFix.txt est sauvegardé à la racine du disque .

Faites en un copier/coller dans le bloc notes pour le poster.

 

Ensuite,

Lancer l'option Suppression

Le bureau disparait et le pc redémarre

Patientez le temps du scan.

le rapport UsbFix.txt est sauvegardé à la racine du disque

Faites en un copier/coller dans le bloc notes pour le poster.

Pour les rapports qui sont courts (ex. Malwarebytes, AD-R, USBFix, etc.), copiez/collez sur votre sujet

 

Pour vous éviter une infection ultérieure:

Lancer l' OptionVaccination

 

 

Pour Désinstaller UsbFix (après la désinfection)

Double clic sur le raccourci sur le bureau

Lancer l'option Désinstaller

 

 

Nettoyage

 

Double-clic sur l'icône OTLPE sur le Bureau.

 

A la demande Do you wish to load the remote registry cliquezYes

et de même Do you wish to load remote user profile(s) for scanning cliquez Yes

Vérifiez que Automatically Load All Remaining Users est bien coché et validez

 

copier/coller tout le texte suivant (en vert) dans la fenêtre de Personnalisation Custom Scan/Fixes

:OTL

 

DRV - File not found [Kernel | Auto | Stopped] -- -- (TinaKey)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Splunk\bin\splunkdrv-win6.sys -- (splunkdrv-win6)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys -- (RapportIaso)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MsgPlusDriver.sys -- (MsgPlusDriver)

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O3 - HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\..\Toolbar\ShellBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.

O3 - HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.

O4 - HKU\S-1-5-21-1835667813-2538981492-1255117997-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

MsConfig - StartUpReg: CorelDRAW Graphics Suite 11b - hkey= - key= - File not found

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found

MsConfig - StartUpReg: UfSeAgnt.exe - hkey= - key= - Reg Error: Value error. File not found

@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:A4241298

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:FEDC61E9

@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:7E4E56EA

@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:1A8BB29B

@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:C0A9B815

@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:BF6C81B2

@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:D431AA5F

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B013599

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

:commands

[PURITY]

[EMPTYTEMP]

[REBOOT]

Dans la fenêtre de l'outil OTLPE, cliquez sur [bRun Fix][/b] ;

Patientez juqu'à l'apparition du rapport

Faites un "Shutdown" de l'environnement OTLPE (via le bouton "Start" au bas à gauche) et redémarrez normalement la machine infectée après avoir retiré le CD OTLPE.

collez le rapport de OTLPE dans votre réponse

[jg92]

Voici contenu des fichiers demandés

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : RogueKiller - Geeks to Go Forums

Website : Download RogueKiller (Official website)

Blog : tigzy-RK

 

Operating System : Windows XP (5.1.2600 ) 32 bits version

Started in : Normal mode

User : SYSTEM [Admin rights]

Mode : Remove -- Date : 04/09/2013 10:28:04

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) [-] -> FOLDER NOT FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Extern Hives: ¤¤¤

-> C:\windows\system32\config\SOFTWARE

-> C:\windows\system32\config\SYSTEM

-> C:\Users\bureau\NTUSER.DAT

-> C:\Users\Default\NTUSER.DAT

-> C:\Users\Default User\NTUSER.DAT

-> C:\Users\gaelle\NTUSER.DAT

-> C:\Users\Invité\NTUSER.DAT

-> C:\Documents and Settings\bureau\NTUSER.DAT

-> C:\Documents and Settings\Default\NTUSER.DAT

-> C:\Documents and Settings\Default User\NTUSER.DAT

-> C:\Documents and Settings\gaelle\NTUSER.DAT

-> C:\Documents and Settings\Invité\NTUSER.DAT

 

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> X:\i386\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] eb8b601a1937fa6e05f93ef4c69c33c6

[bSP] d8df495a2a2a23ae11396c4152156880 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] eff74395a09cca66a49eb8d2e650d3ee

[bSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT12 (0x01) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32136 | Size: 238401 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2]_D_04092013_02d1028.txt >>

RKreport[1]_S_04092013_02d0511.txt ; RKreport[2]_D_04092013_02d1028.txt

 

 

suite

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : RogueKiller - Geeks to Go Forums

Website : Download RogueKiller (Official website)

Blog : tigzy-RK

 

Operating System : Windows XP (5.1.2600 ) 32 bits version

Started in : Normal mode

User : SYSTEM [Admin rights]

Mode : Remove -- Date : 04/09/2013 10:29:37

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) [-] -> FOLDER NOT FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Extern Hives: ¤¤¤

-> C:\windows\system32\config\SOFTWARE

-> C:\windows\system32\config\SYSTEM

-> C:\Users\bureau\NTUSER.DAT

-> C:\Users\Default\NTUSER.DAT

-> C:\Users\Default User\NTUSER.DAT

-> C:\Users\gaelle\NTUSER.DAT

-> C:\Users\Invité\NTUSER.DAT

-> C:\Documents and Settings\bureau\NTUSER.DAT

-> C:\Documents and Settings\Default\NTUSER.DAT

-> C:\Documents and Settings\Default User\NTUSER.DAT

-> C:\Documents and Settings\gaelle\NTUSER.DAT

-> C:\Documents and Settings\Invité\NTUSER.DAT

 

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> X:\i386\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] eb8b601a1937fa6e05f93ef4c69c33c6

[bSP] d8df495a2a2a23ae11396c4152156880 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] eff74395a09cca66a49eb8d2e650d3ee

[bSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT12 (0x01) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32136 | Size: 238401 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[3]_D_04092013_02d1029.txt >>

RKreport[1]_S_04092013_02d0511.txt ; RKreport[2]_D_04092013_02d1028.txt ; RKreport[3]_D_04092013_02d1029.txt

 

 

suite

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : RogueKiller - Geeks to Go Forums

Website : Download RogueKiller (Official website)

Blog : tigzy-RK

 

Operating System : Windows XP (5.1.2600 ) 32 bits version

Started in : Normal mode

User : SYSTEM [Admin rights]

Mode : Remove -- Date : 04/09/2013 10:30:11

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) [-] -> FOLDER NOT FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Extern Hives: ¤¤¤

-> C:\windows\system32\config\SOFTWARE

-> C:\windows\system32\config\SYSTEM

-> C:\Users\bureau\NTUSER.DAT

-> C:\Users\Default\NTUSER.DAT

-> C:\Users\Default User\NTUSER.DAT

-> C:\Users\gaelle\NTUSER.DAT

-> C:\Users\Invité\NTUSER.DAT

-> C:\Documents and Settings\bureau\NTUSER.DAT

-> C:\Documents and Settings\Default\NTUSER.DAT

-> C:\Documents and Settings\Default User\NTUSER.DAT

-> C:\Documents and Settings\gaelle\NTUSER.DAT

-> C:\Documents and Settings\Invité\NTUSER.DAT

 

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> X:\i386\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] eb8b601a1937fa6e05f93ef4c69c33c6

[bSP] d8df495a2a2a23ae11396c4152156880 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] eff74395a09cca66a49eb8d2e650d3ee

[bSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT12 (0x01) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32136 | Size: 238401 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[4]_D_04092013_02d1030.txt >>

RKreport[1]_S_04092013_02d0511.txt ; RKreport[2]_D_04092013_02d1028.txt ; RKreport[3]_D_04092013_02d1029.txt ; RKreport[4]_D_04092013_02d1030.txt

 

 

 

suite

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : RogueKiller - Geeks to Go Forums

Website : Download RogueKiller (Official website)

Blog : tigzy-RK

 

Operating System : Windows XP (5.1.2600 ) 32 bits version

Started in : Normal mode

User : SYSTEM [Admin rights]

Mode : Remove -- Date : 04/09/2013 10:30:37

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[FILEASSO] HKLM\[...]\command : (X:\I386\IEXPLORE.EXE) [-] -> FOLDER NOT FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Extern Hives: ¤¤¤

-> C:\windows\system32\config\SOFTWARE

-> C:\windows\system32\config\SYSTEM

-> C:\Users\bureau\NTUSER.DAT

-> C:\Users\Default\NTUSER.DAT

-> C:\Users\Default User\NTUSER.DAT

-> C:\Users\gaelle\NTUSER.DAT

-> C:\Users\Invité\NTUSER.DAT

-> C:\Documents and Settings\bureau\NTUSER.DAT

-> C:\Documents and Settings\Default\NTUSER.DAT

-> C:\Documents and Settings\Default User\NTUSER.DAT

-> C:\Documents and Settings\gaelle\NTUSER.DAT

-> C:\Documents and Settings\Invité\NTUSER.DAT

 

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> X:\i386\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] eb8b601a1937fa6e05f93ef4c69c33c6

[bSP] d8df495a2a2a23ae11396c4152156880 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] eff74395a09cca66a49eb8d2e650d3ee

[bSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT12 (0x01) [VISIBLE] Offset (sectors): 63 | Size: 15 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32136 | Size: 238401 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[5]_D_04092013_02d1030.txt >>

RKreport[1]_S_04092013_02d0511.txt ; RKreport[2]_D_04092013_02d1028.txt ; RKreport[3]_D_04092013_02d1029.txt ; RKreport[4]_D_04092013_02d1030.txt ; RKreport[5]_D_04092013_02d1030.txt

[pear]

Non!

 

Vous avez posté plusieurs fois le mode Suppression(Remove)

 

Cliquer sur Suppression. Cliquer sur Rapport et copier/coller le contenu :c'est fait

Cliquer sur Host RAZ. Cliquer sur Rapport et copier/coller le contenu à faire

Cliquer sur Proxy RAZ. Cliquer sur Rapport [/b]et copier/coller le contenu à faire

Cliquer sur DNS RAZ. Cliquer sur Rapport[/b]etcopier/coller le contenu à faire

Cliquer sur Racc. RAZ. Cliquer sur Rapport[/b] et copier coller le contenu du notepad à faire

[jg92]

Bonjour, Voici le contenu des analyses de UsbFix

 

############################## | UsbFix V 7.120 | [Recherche]

 

Utilisateur: bureau (Administrateur) # BUREAU-JACK

Mis à jour le 30/03/2013 par El Desaparecido

Lancé à 21:48:33 | 09/04/2013

 

Site Web: SosVirus

Upload Malware: Upload Malware pour analyse

Contact: contact@sosvirus.org

 

PC: Dell Inc. (Dell DM061 ) (X86-based PC)

CPU: Intel® Core2 CPU 6300 @ 1.86GHz (1867)

RAM -> [Total : 3070 | Free : 1565]

BIOS: Phoenix ROM BIOS PLUS Version 1.10 2.4.0

BOOT: Normal boot

 

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1

WB: Windows Internet Explorer 10.0.9200.16521

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Internet Security [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Disque fixe # 466 Go (52 Go libre(s) - 11%) [] # NTFS

D:\ -> Disque fixe # 233 Go (79 Go libre(s) - 34%) [sos] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

H:\ -> CD-ROM

I:\ -> CD-ROM

N:\ -> CD-ROM

 

################## | Processus Actif |

 

C:\Windows\system32\csrss.exe (884)

C:\Windows\system32\wininit.exe (1176)

C:\Windows\system32\csrss.exe (1188)

C:\Windows\system32\services.exe (1224)

C:\Windows\system32\lsass.exe (1248)

C:\Windows\system32\lsm.exe (1256)

C:\Windows\system32\winlogon.exe (1380)

C:\Windows\system32\svchost.exe (1412)

C:\Windows\system32\svchost.exe (1512)

C:\Windows\system32\atiesrxx.exe (1560)

C:\Windows\System32\svchost.exe (1636)

C:\Windows\System32\svchost.exe (1684)

C:\Windows\system32\svchost.exe (1744)

C:\Windows\system32\svchost.exe (1792)

C:\Windows\system32\svchost.exe (384)

C:\Windows\system32\svchost.exe (848)

C:\Windows\system32\atieclxx.exe (788)

C:\Windows\system32\svchost.exe (2060)

C:\Program Files\AVAST Software\Avast\AvastSvc.exe (2096)

C:\Program Files\AVAST Software\Avast\afwServ.exe (2144)

C:\Windows\System32\spoolsv.exe (2260)

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (2544)

C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (2568)

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (2640)

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (2688)

C:\Windows\System32\alg.exe (2728)

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2752)

C:\Program Files\Bonjour\mDNSResponder.exe (2824)

C:\Windows\system32\svchost.exe (2856)

C:\Program Files\Cobian Backup 11\cbVSCService11.exe (2876)

C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (3020)

C:\Windows\system32\dllhost.exe (3152)

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (3200)

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (3240)

C:\Windows\system32\svchost.exe (3288)

C:\Windows\system32\FLK.exe (3432)

C:\Windows\system32\WinFLService.exe (3472)

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (3516)

C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (3652)

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (3716)

C:\Windows\system32\GSService.exe (3744)

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (3992)

C:\Program Files\RIFT Technologies\InstallClick Connector\installclick.exe (4016)

C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe (4040)

C:\Program Files\RIFT Technologies\InstallClick Connector\installclick-connector.exe (4052)

C:\Windows\system32\conhost.exe (4060)

C:\Windows\System32\svchost.exe (4088)

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (2112)

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (3016)

C:\Program Files\Microsoft LifeCam\MSCamS32.exe (3512)

C:\Windows\System32\msdtc.exe (3556)

C:\Program Files\Yuna Software\Messenger Plus! Skins for Facebook\MsgPlusForFacebookService.exe (3944)

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (4272)

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (4356)

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe (4416)

C:\Windows\system32\taskeng.exe (4580)

C:\Windows\system32\taskhost.exe (4764)

C:\Program Files\PDF Architect\HelperService.exe (5072)

C:\Program Files\PDF Architect\ConversionService.exe (5156)

C:\Windows\system32\svchost.exe (5208)

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (5272)

C:\Program Files\CyberLink\Shared files\RichVideo.exe (5308)

C:\Program Files\WinPcap\rpcapd.exe (5344)

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe (5384)

C:\Windows\system32\svchost.exe (5404)

C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (5492)

C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (5584)

C:\Windows\system32\svchost.exe (5620)

C:\Windows\System32\svchost.exe (5644)

C:\Program Files\Syncovery\SyncoveryVSS.exe (6004)

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (6068)

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (6104)

C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (6132)

C:\Windows\system32\Tweak7SystemService.exe (4548)

C:\Windows\System32\vds.exe (4964)

C:\Windows\system32\vssvc.exe (1864)

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (108)

C:\Windows\system32\svchost.exe (4892)

C:\Windows\System32\svchost.exe (4500)

C:\Windows\System32\svchost.exe (4460)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5436)

C:\Windows\system32\SearchIndexer.exe (5876)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5116)

C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (5904)

C:\Windows\System32\WUDFHost.exe (5996)

C:\Windows\system32\wbem\wmiprvse.exe (6360)

C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe (6656)

C:\Windows\System32\svchost.exe (6708)

C:\Windows\system32\Dwm.exe (6772)

C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe (6780)

C:\Windows\Explorer.EXE (6812)

C:\Program Files\AVAST Software\Avast\AvastUI.exe (7212)

C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (8156)

C:\Program Files\Windows Media Player\wmpnetwk.exe (6440)

C:\Program Files\Windows Sidebar\sidebar.exe (6476)

C:\Program Files\Start Menu X\StartMenuX.exe (6740)

C:\Program Files\Cordial\Integration_Cordial.exe (4028)

C:\Windows\System32\WinFLTray.exe (7400)

C:\Program Files\MyTomTom 3\MyTomTomSA.exe (7368)

C:\Users\bureau\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (7320)

C:\Program Files\Windows Live\Messenger\msnmsgr.exe (7348)

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (7232)

C:\Program Files\Cobian Backup 11\Cobian.exe (4712)

C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (3832)

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (5320)

C:\Program Files\Cobian Backup 11\cbInterface.exe (3404)

C:\Users\bureau\AppData\Roaming\Dropbox\bin\Dropbox.exe (888)

C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe (4600)

C:\Program Files\Windows Live\Contacts\wlcomm.exe (8092)

C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (5228)

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (6804)

C:\Program Files\Stardock\ObjectDock Plus\ObjectDockTray.exe (6544)

C:\Windows\system32\sppsvc.exe (1716)

C:\Windows\system32\UI0Detect.exe (2808)

C:\Windows\system32\prevhost.exe (9676)

C:\Windows\explorer.exe (9444)

C:\Windows\system32\wbem\wmiprvse.exe (6076)

C:\Windows\system32\SearchProtocolHost.exe (4400)

C:\UsbFix\Go.exe (6608)

C:\Windows\system32\SearchFilterHost.exe (8516)

 

################## | El Desaparecido Section |

 

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml

HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKLM\SOFTWARE | Run : [sysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe

HKLM\SOFTWARE | Run : [LifeCam] - "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

HKLM\SOFTWARE | Run : [Fences] - "C:\Program Files\Stardock\Fences\Fences.exe" /startup

HKLM\SOFTWARE | Run : [ACPW06FR] - "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06FR

HKLM\SOFTWARE | Run : [smart File Advisor] - "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc

HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKLM\SOFTWARE | Run : [bCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [0934CC49F1BD9DEB16EBBD32159ED7952AF559C2._service_run] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [startMenuX] - C:\Program Files\Start Menu X\StartMenuX.exe

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [integration de Cordial] - C:\PROGRAM FILES\CORDIAL\INTEGRATION_CORDIAL.EXE

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [WinFLTray] - C:\Windows\system32\WinFLTray.exe

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [MyTomTomSA.exe] - "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [skyDrive] - "C:\Users\bureau\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [Cobian Backup 11] - "C:\Program Files\Cobian Backup 11\Cobian.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [backgroundSwitcher] - "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

 

################## | Éléments infectieux |

 

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

 

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

Z:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

 

################## | E.O.F | SosVirus |

 

 

la suite (suppression)

 

 

############################## | UsbFix V 7.120 | [suppression]

 

Utilisateur: bureau (Administrateur) # BUREAU-JACK

Mis à jour le 30/03/2013 par El Desaparecido

Lancé à 22:44:06 | 09/04/2013

 

Site Web: SosVirus

Upload Malware: Upload Malware pour analyse

Contact: contact@sosvirus.org

 

PC: Dell Inc. (Dell DM061 ) (X86-based PC)

CPU: Intel® Core2 CPU 6300 @ 1.86GHz (1867)

RAM -> [Total : 3070 | Free : 1311]

BIOS: Phoenix ROM BIOS PLUS Version 1.10 2.4.0

BOOT: Normal boot

 

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1

WB: Windows Internet Explorer 10.0.9200.16521

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: avast! Internet Security [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Disque fixe # 466 Go (52 Go libre(s) - 11%) [] # NTFS

D:\ -> Disque fixe # 233 Go (79 Go libre(s) - 34%) [sos] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

H:\ -> CD-ROM

I:\ -> CD-ROM

N:\ -> CD-ROM

 

################## | El Desaparecido Section |

 

HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml

HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKLM\SOFTWARE | Run : [sysTrayApp] - %ProgramFiles%\IDT\WDM\sttray.exe

HKLM\SOFTWARE | Run : [LifeCam] - "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

HKLM\SOFTWARE | Run : [Fences] - "C:\Program Files\Stardock\Fences\Fences.exe" /startup

HKLM\SOFTWARE | Run : [ACPW06FR] - "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06FR

HKLM\SOFTWARE | Run : [smart File Advisor] - "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc

HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKLM\SOFTWARE | Run : [bCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [0934CC49F1BD9DEB16EBBD32159ED7952AF559C2._service_run] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [startMenuX] - C:\Program Files\Start Menu X\StartMenuX.exe

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [integration de Cordial] - C:\PROGRAM FILES\CORDIAL\INTEGRATION_CORDIAL.EXE

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [WinFLTray] - C:\Windows\system32\WinFLTray.exe

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [MyTomTomSA.exe] - "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [skyDrive] - "C:\Users\bureau\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [Cobian Backup 11] - "C:\Program Files\Cobian Backup 11\Cobian.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [backgroundSwitcher] - "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"

HKU\S-1-5-21-1835667813-2538981492-1255117997-1000\SOFTWARE | Run : [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

 

################## | Processus Stoppés |

 

Stoppé! C:\Windows\system32\atiesrxx.exe (1560)

Stoppé! C:\Windows\system32\atieclxx.exe (788)

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (2096)

Stoppé! C:\Program Files\AVAST Software\Avast\afwServ.exe (2144)

Stoppé! C:\Windows\System32\spoolsv.exe (2260)

Stoppé! C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (2544)

Stoppé! C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (2568)

Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (2640)

Stoppé! C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (2688)

Stoppé! C:\Windows\System32\alg.exe (2728)

Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2752)

Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (2824)

Stoppé! C:\Program Files\Cobian Backup 11\cbVSCService11.exe (2876)

Stoppé! C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (3020)

Stoppé! C:\Windows\system32\dllhost.exe (3152)

Stoppé! C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (3200)

Stoppé! C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (3240)

Stoppé! C:\Windows\system32\FLK.exe (3432)

Stoppé! C:\Windows\system32\WinFLService.exe (3472)

Stoppé! C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (3516)

Stoppé! C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (3652)

Stoppé! C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (3716)

Stoppé! C:\Windows\system32\GSService.exe (3744)

Stoppé! C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (3992)

Stoppé! C:\Program Files\RIFT Technologies\InstallClick Connector\installclick.exe (4016)

Stoppé! C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe (4040)

Stoppé! C:\Program Files\RIFT Technologies\InstallClick Connector\installclick-connector.exe (4052)

Stoppé! C:\Windows\system32\conhost.exe (4060)

Stoppé! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (2112)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (3016)

Stoppé! C:\Program Files\Microsoft LifeCam\MSCamS32.exe (3512)

Stoppé! C:\Windows\System32\msdtc.exe (3556)

Stoppé! C:\Program Files\Yuna Software\Messenger Plus! Skins for Facebook\MsgPlusForFacebookService.exe (3944)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (4272)

Stoppé! C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (4356)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe (4416)

Stoppé! C:\Windows\system32\taskeng.exe (4580)

Stoppé! C:\Windows\system32\taskhost.exe (4764)

Stoppé! C:\Program Files\PDF Architect\HelperService.exe (5072)

Stoppé! C:\Program Files\PDF Architect\ConversionService.exe (5156)

Stoppé! c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (5272)

Stoppé! C:\Program Files\CyberLink\Shared files\RichVideo.exe (5308)

Stoppé! C:\Program Files\WinPcap\rpcapd.exe (5344)

Stoppé! C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe (5384)

Stoppé! C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (5492)

Stoppé! C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (5584)

Stoppé! C:\Program Files\Syncovery\SyncoveryVSS.exe (6004)

Stoppé! C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (6068)

Stoppé! C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (6104)

Stoppé! C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (6132)

Stoppé! C:\Windows\system32\Tweak7SystemService.exe (4548)

Stoppé! C:\Windows\System32\vds.exe (4964)

Stoppé! C:\Windows\system32\vssvc.exe (1864)

Stoppé! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (108)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5436)

Stoppé! C:\Windows\system32\SearchIndexer.exe (5876)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5116)

Stoppé! C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (5904)

Stoppé! C:\Windows\System32\WUDFHost.exe (5996)

Stoppé! C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe (6656)

Stoppé! C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe (6780)

Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (7212)

Stoppé! C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (8156)

Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (6440)

Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (6476)

Stoppé! C:\Program Files\Start Menu X\StartMenuX.exe (6740)

Stoppé! C:\Program Files\Cordial\Integration_Cordial.exe (4028)

Stoppé! C:\Windows\System32\WinFLTray.exe (7400)

Stoppé! C:\Program Files\MyTomTom 3\MyTomTomSA.exe (7368)

Stoppé! C:\Users\bureau\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (7320)

Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (7348)

Stoppé! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (7232)

Stoppé! C:\Program Files\Cobian Backup 11\Cobian.exe (4712)

Stoppé! C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (3832)

Stoppé! C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (5320)

Stoppé! C:\Program Files\Cobian Backup 11\cbInterface.exe (3404)

Stoppé! C:\Users\bureau\AppData\Roaming\Dropbox\bin\Dropbox.exe (888)

Stoppé! C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe (4600)

Stoppé! C:\Program Files\Windows Live\Contacts\wlcomm.exe (8092)

Stoppé! C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (5228)

Stoppé! C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (6804)

Stoppé! C:\Program Files\Stardock\ObjectDock Plus\ObjectDockTray.exe (6544)

Stoppé! C:\Windows\system32\sppsvc.exe (1716)

Stoppé! C:\Windows\system32\UI0Detect.exe (2808)

Stoppé! C:\Windows\system32\prevhost.exe (9676)

 

################## | Éléments infectieux |

 

 

(!) Fichiers temporaires supprimés.

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[01/12/2012 - 11:30:12 | SHD ] C:\$Recycle.Bin

[09/01/2013 - 07:17:01 | D ] C:\$WINDOWS.~BT

[18/04/2011 - 20:56:01 | D ] C:\Ad-Remover

[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat

[09/04/2013 - 18:59:59 | RASHD ] C:\Autorun.inf

[03/10/2012 - 07:41:46 | D ] C:\BigFishGamesCache

[09/01/2013 - 08:05:41 | D ] C:\Boot

[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr

[26/07/2012 - 06:10:16 | N | 1] C:\BOOTNXT

[09/01/2013 - 07:14:48 | N | 8192] C:\BOOTSECT.BAK

[13/06/2011 - 19:39:04 | D ] C:\canon

[09/03/2013 - 08:55:50 | D ] C:\CloneDVDTemp

[06/07/2011 - 07:55:37 | D ] C:\ComicToEPUB

[10/06/2009 - 22:42:20 | N | 10] C:\config.sys

[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings

[28/03/2013 - 11:49:13 | D ] C:\Données

[23/12/2012 - 08:14:05 | D ] C:\DriveKey

[29/10/2012 - 17:23:27 | D ] C:\ESD

[23/02/2013 - 11:24:59 | D ] C:\FileMenuTools

[03/04/2012 - 08:22:37 | D ] C:\Firefox Ultimate Optimizer

[08/05/2011 - 07:19:17 | D ] C:\FreePack

[04/11/2011 - 09:41:21 | D ] C:\GameHouse Games

[18/04/2011 - 20:53:59 | D ] C:\ghostscript-8.71

[09/04/2013 - 20:43:32 | ASH | 2414280704] C:\hiberfil.sys

[17/05/2011 - 15:05:39 | N | 0] C:\IO.SYS

[19/09/2011 - 08:57:10 | N | 1213] C:\JavaRa.log

[02/04/2013 - 14:00:34 | D ] C:\JRT

[16/05/2011 - 05:58:00 | D ] C:\Listage dossiers et fichiers en txt

[09/04/2013 - 22:44:14 | N | 115] C:\log2.txt

[31/01/2013 - 18:42:29 | D ] C:\MP3Toolkit

[17/05/2011 - 15:05:39 | N | 0] C:\MSDOS.SYS

[03/02/2012 - 11:22:09 | RHD ] C:\MSOCache

[09/04/2013 - 21:08:53 | N | 2176631] C:\npsimple.log

[17/03/2012 - 09:36:43 | D ] C:\Numedocs

[28/12/2012 - 17:10:51 | N | 591] C:\os357577.bin

[09/04/2013 - 20:43:30 | ASH | 3219128320] C:\pagefile.sys

[09/04/2013 - 10:18:26 | N | 512] C:\PhysicalMBR.bin

[03/04/2013 - 07:35:55 | D ] C:\Program Files

[02/04/2013 - 12:33:49 | HD ] C:\ProgramData

[26/01/2012 - 16:28:31 | D ] C:\Programmi

[23/11/2011 - 22:03:05 | N | 440] C:\RoboFormDataHere.txt

[17/05/2011 - 15:11:17 | D ] C:\SIERRA

[09/04/2013 - 18:52:58 | SHD ] C:\System Volume Information

[09/01/2013 - 01:10:52 | D ] C:\temp

[13/01/2013 - 10:26:43 | D ] C:\ToolBar SD

[20/02/2013 - 19:00:16 | N | 687] C:\trace.txt

[09/04/2013 - 23:02:31 | D ] C:\UsbFix

[09/04/2013 - 23:02:49 | A | 12882] C:\UsbFix [Clean 2] BUREAU-JACK.txt

[09/04/2013 - 22:10:26 | N | 11487] C:\UsbFix [scan 4] BUREAU-JACK.txt

[05/02/2012 - 18:41:08 | D ] C:\Users

[09/04/2013 - 20:48:48 | D ] C:\Windows

[21/05/2010 - 16:39:57 | N | 0] C:\WindowsLiveMessenger-uccapi-0.uccapilog

[18/04/2011 - 20:53:05 | D ] C:\XnView

[05/02/2012 - 18:41:54 | SHD ] D:\$RECYCLE.BIN

[02/05/2011 - 22:15:24 | D ] D:\ATI Radeon HD 4600 Series

[09/04/2013 - 18:59:59 | RASHD ] D:\Autorun.inf

[16/10/2012 - 02:54:53 | D ] D:\Balabolka

[11/07/2012 - 08:05:00 | N | 11962936] D:\chrome_User Data_11072012.gcb

[28/01/2012 - 23:03:01 | D ] D:\clins

[09/04/2013 - 20:57:48 | D ] D:\D

[08/01/2013 - 13:30:25 | N | 253922] D:\DELONGHI Machine à expresso BCO260 au meilleur prix - Carrefour.pdf

[28/01/2012 - 23:03:24 | D ] D:\driver

[13/07/2012 - 10:25:50 | N | 0] D:\FirexFoxXPCOMLogging.txt

[30/03/2012 - 13:11:44 | D ] D:\Gimp-2.7.4

[04/04/2013 - 17:42:01 | D ] D:\hijackthis

[10/07/2009 - 12:39:00 | N | 350720] D:\hjsplit.exe

[28/01/2012 - 23:08:30 | D ] D:\Installateur

[16/04/2011 - 12:34:53 | D ] D:\KompoZer 0.7.10

[31/03/2013 - 11:09:13 | D ] D:\Mes sauvegardes

[30/04/2012 - 07:49:31 | D ] D:\Outlook

[09/04/2013 - 20:43:30 | ASH | 3219128320] D:\pagefile.sys

[25/11/2012 - 17:04:45 | T | 4873561] D:\Photo 149250.jpg

[15/10/2012 - 17:01:27 | D ] D:\Pictures

[23/12/2010 - 20:42:12 | D ] D:\Pole Position Référencement

[28/01/2012 - 23:06:37 | D ] D:\Poster8

[10/07/2009 - 12:45:40 | N | 582] D:\readme.txt

[30/05/2012 - 14:38:18 | D ] D:\sauvegarde iphoneMovies

[31/03/2013 - 18:26:24 | D ] D:\server2go

[04/11/2011 - 10:05:54 | D ] D:\simplyIcone

[27/01/2011 - 21:17:41 | D ] D:\sos compta

[10/10/2012 - 13:12:37 | D ] D:\sos firefox

[24/05/2011 - 17:32:37 | D ] D:\sos gmail

[09/04/2013 - 13:14:13 | D ] D:\sos outlook

[11/03/2013 - 15:47:17 | D ] D:\sos usb

[24/03/2013 - 11:09:34 | D ] D:\sos-itunes

[09/04/2013 - 04:54:08 | SHD ] D:\System Volume Information

[09/04/2013 - 21:42:25 | D ] D:\UsbFix

[16/10/2012 - 02:50:44 | D ] D:\utilitaires photos

[24/04/2011 - 08:58:55 | D ] D:\vCard

[06/12/2011 - 07:55:52 | D ] D:\Videos

[04/04/2013 - 08:43:25 | D ] D:\Vivre Mieux

[08/03/2011 - 08:27:04 | D ] D:\_gsdata_

[13/06/2011 - 19:19:00 | D ] D:\à ranger

[08/01/2013 - 20:04:37 | D ] Z:\Mes sauvegardes

[29/04/2012 - 12:29:44 | D ] Z:\jeux-érotiques

[20/09/2012 - 15:29:05 | D ] Z:\morphing

[20/09/2012 - 14:55:23 | D ] Z:\server2go-sos

[09/04/2013 - 18:09:22 | D ] Z:\Autorun.inf

[20/09/2012 - 16:11:29 | D ] Z:\server2go

[20/09/2012 - 16:46:20 | D ] Z:\Modélisme

[29/04/2012 - 13:26:41 | D ] Z:\Downloads

[20/09/2012 - 15:28:46 | D ] Z:\joomla

[29/04/2012 - 12:09:01 | D ] Z:\Jeux flash

[28/01/2013 - 15:57:46 | D ] Z:\livres pdf

[16/03/2011 - 09:03:31 | D ] Z:\Ajaxpf

[02/01/2013 - 21:46:10 | D ] Z:\Mes images

[29/04/2012 - 12:29:06 | D ] Z:\jeux-crack

[13/02/2013 - 07:53:26 | D ] Z:\mairie

[12/10/2012 - 07:09:36 | D ] Z:\Mes téléchargements

[14/10/2012 - 08:19:12 | D ] Z:\Brésil

[14/10/2012 - 08:51:41 | D ] Z:\Vidéos

[18/02/2013 - 19:06:00 | D ] Z:\Mes photos

[20/09/2012 - 15:08:25 | D ] Z:\sonia

[03/03/2013 - 12:17:54 | D ] Z:\films

[29/04/2012 - 12:10:30 | D ] Z:\Mes recettes

[29/04/2012 - 12:13:32 | D ] Z:\Mes sons

[20/09/2012 - 15:30:50 | D ] Z:\MVPN 2010

[23/03/2011 - 11:21:11 | D ] Z:\Mes albums

[03/12/2012 - 08:12:05 | D ] Z:\mvpn 2012

[20/09/2012 - 15:09:25 | D ] Z:\jeux

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

Z:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

 

################## | E.O.F | SosVirus |