I also found the reports at the root of C:.
Here is
the first report, produced during the first attempt in "normal mode", with a USB key and a hard drive connected... The report may not be complete...
############################## | UsbFix V 7.133 | [Suppression]
Utilisateur: Cléa (Administrateur) # PC-HP-DV5000
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 23:29:39 | 02/09/2013
Site Web: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6t=489
Contact: eldesaparecido@sosvirus.net
PC: Hewlett-Packard (HP Pavilion dv5000 (RG009EA#ABF) ) (X86-based PC)
CPU: Genuine Intel(R) CPU T2050 @ 1.60GHz (1596)
RAM - [Total : 510 | Free : 153]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot
OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) - Disque fixe # 66 Go (14 Go libre(s) - 22%) [] # NTFS
D:\ - Disque fixe # 7 Go (1 Go libre(s) - 18%) [HP_RECOVERY] # FAT32
E:\ - Disque amovible # 4 Go (2 Go libre(s) - 63%) [] # FAT32
F:\ - Disque fixe # 466 Go (17 Go libre(s) - 4%) [LACIE] # NTFS
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [hpWirelessAssistant] - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet /nodetect
HKLM\SOFTWARE | Run : [High Definition Audio Property Page Shortcut] - CHDAudPropShortcut.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe"
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [QlbCtrl] - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [Cpqset] - C:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM\SOFTWARE | Run : [RecGuard] - C:\Windows\SMINST\RecGuard.exe
HKLM\SOFTWARE | Run : [HP Component Manager] - "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HKLM\SOFTWARE | Run : [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Bron-Spizaetus] - "C:\WINDOWS\ShellNew\sempalong.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1744838932-353309017-3117134509-1006\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1744838932-353309017-3117134509-1006\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\Cléa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1744838932-353309017-3117134509-1006\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1744838932-353309017-3117134509-1006\SOFTWARE | Run : [Tok-Cirrhatus] - "C:\Documents and Settings\Cléa\Local Settings\Application Data\smss.exe"
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
################## | Processus Stoppés |
Stoppé! C:\WINDOWS\system32\spoolsv.exe (1820)
Stoppé! C:\Program Files\Java\jre7\bin\jqs.exe (1972)
Stoppé! C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (152)
Stoppé! C:\WINDOWS\Explorer.exe (260)
Stoppé! C:\WINDOWS\system32\nvsvc32.exe (368)
Stoppé! C:\Program Files\Skype\Updater\Updater.exe (452)
Stoppé! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (1112)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (1420)
Stoppé! C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (1268)
Stoppé! C:\WINDOWS\system32\RUNDLL32.EXE (824)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (552)
Stoppé! C:\Program Files\HP\QuickPlay\QPService.exe (192)
Stoppé! C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (1872)
Stoppé! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (1276)
Stoppé! C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (1308)
Stoppé! C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (1636)
Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (392)
Stoppé! C:\WINDOWS\system32\ctfmon.exe (496)
Stoppé! C:\WINDOWS\system32\wbem\wmiapsrv.exe (764)
Stoppé! C:\Documents and Settings\Cléa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (1340)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (1500)
Stoppé! C:\WINDOWS\system32\wscntfy.exe (1680)
Stoppé! C:\Documents and Settings\Cléa\Local Settings\Application Data\winlogon.exe (2176)
Stoppé! C:\Documents and Settings\Cléa\Local Settings\Application Data\services.exe (2500)
Stoppé! C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE (2608)
Stoppé! C:\Documents and Settings\Cléa\Local Settings\Application Data\lsass.exe (2816)
Stoppé! C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (3400)
Stoppé! C:\WINDOWS\system32\wuauclt.exe (2440)
################## | Éléments infectieux |
Supprimé! C:\Documents and Settings\Cléa\Application Data\7573595.exe
Supprimé! C:\Documents and Settings\Cléa\Local Settings\Application Data\Bron.tok-12-1
Supprimé! C:\Documents and Settings\Cléa\Local Settings\Application Data\Bron.tok-12-10