Document format: text/plain

############################## | UsbFix V 7.142 | [Recherche]

Utilisateur: Mélissa (Administrateur) # MÉLISSA-TOSH
Mis à jour le 02/10/2013 par El Desaparecido - Team SosVirus
Lancé à 14:10:17 | 03/10/2013

Site Web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (PWWHA)
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
RAM -> [Total : 4074 | Free : 1406]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 233 Go (132 Go libre(s) - 57%) [WINDOWS] # NTFS
D:\ -> Disque fixe # 232 Go (192 Go libre(s) - 82%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (2 Go libre(s) - 56%) [MELISSA R] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID 532 |ParentID 472)
C:\Windows\system32\wininit.exe (ID 592 |ParentID 472)
C:\Windows\system32\csrss.exe (ID 616 |ParentID 600)
C:\Windows\system32\services.exe (ID 648 |ParentID 592)
C:\Windows\system32\lsass.exe (ID 672 |ParentID 592)
C:\Windows\system32\lsm.exe (ID 680 |ParentID 592)
C:\Windows\system32\svchost.exe (ID 796 |ParentID 648)
C:\Windows\system32\nvvsvc.exe (ID 872 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 912 |ParentID 648)
C:\Windows\System32\svchost.exe (ID 972 |ParentID 648)
C:\Windows\System32\svchost.exe (ID 1004 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 292 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 332 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 1040 |ParentID 648)
C:\Windows\system32\winlogon.exe (ID 1144 |ParentID 600)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1176 |ParentID 648)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID 1504 |ParentID 872)
C:\Windows\system32\nvvsvc.exe (ID 1516 |ParentID 872)
C:\Windows\System32\spoolsv.exe (ID 1756 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 1800 |ParentID 648)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1976 |ParentID 648)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1220 |ParentID 648)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 1608 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 1448 |ParentID 648)
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (ID 1708 |ParentID 648)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 1948 |ParentID 648)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 1720 |ParentID 648)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2056 |ParentID 648)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2760 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 2424 |ParentID 648)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID 2660 |ParentID 648)
C:\Windows\system32\TODDSrv.exe (ID 2612 |ParentID 648)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 2912 |ParentID 648)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3096 |ParentID 648)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3412 |ParentID 3096)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID 908 |ParentID 648)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 3420 |ParentID 648)
C:\Windows\System32\alg.exe (ID 3876 |ParentID 648)
C:\Windows\system32\svchost.exe (ID 3320 |ParentID 648)
C:\Windows\system32\taskhost.exe (ID 3512 |ParentID 648)
C:\Windows\system32\Dwm.exe (ID 2904 |ParentID 1004)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 4764 |ParentID 2056)
C:\Windows\Explorer.EXE (ID 1200 |ParentID 3244)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID 1224 |ParentID 648)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID 3336 |ParentID 648)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 4400 |ParentID 648)
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID 1264 |ParentID 1200)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID 924 |ParentID 1200)
c:\Program Files (x86)\Nero\Update\NASvc.exe (ID 4076 |ParentID 648)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID 3132 |ParentID 1200)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID 4384 |ParentID 1200)
C:\Windows\System32\wscript.exe (ID 4260 |ParentID 1200)
C:\Windows\System32\wscript.exe (ID 4892 |ParentID 1200)
C:\Program Files\Windows Sidebar\sidebar.exe (ID 5068 |ParentID 1200)
C:\Windows\System32\wscript.exe (ID 3376 |ParentID 1200)
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (ID 4908 |ParentID 1200)
C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (ID 3456 |ParentID 1200)
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (ID 3256 |ParentID 2556)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID 4276 |ParentID 2556)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 3508 |ParentID 2556)
C:\Windows\system32\wbem\wmiprvse.exe (ID 4516 |ParentID 796)
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (ID 2020 |ParentID 2556)
C:\Windows\System32\svchost.exe (ID 4856 |ParentID 648)
C:\Windows\system32\SearchIndexer.exe (ID 1868 |ParentID 648)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4120 |ParentID 648)
C:\Windows\system32\taskeng.exe (ID 5308 |ParentID 332)
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID 5856 |ParentID 5308)
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID 2244 |ParentID 5856)
C:\Windows\System32\svchost.exe (ID 6012 |ParentID 648)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 2728 |ParentID 648)
C:\Windows\system32\DllHost.exe (ID 1168 |ParentID 796)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 3016 |ParentID 648)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 252 |ParentID 648)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID 6256 |ParentID 4852)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6340 |ParentID 1200)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6740 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6848 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6076 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6164 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6104 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6508 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 6488 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 2836 |ParentID 6340)
C:\Users\Mélissa\AppData\Local\Google\Chrome\Application\chrome.exe (ID 5260 |ParentID 6340)
C:\Program Files (x86)\Savevid\SavevidPluginCore.exe (ID 3944 |ParentID 796)
C:\Windows\System32\WUDFHost.exe (ID 6304 |ParentID 1004)
C:\Users\Mélissa\Downloads\RogueKillerX64.exe (ID 2444 |ParentID 1200)
C:\Windows\system32\SearchProtocolHost.exe (ID 5400 |ParentID 1868)
C:\Windows\system32\SearchFilterHost.exe (ID 5212 |ParentID 1868)
C:\UsbFix\Go.exe (ID 4388 |ParentID 344)
C:\Windows\system32\DllHost.exe (ID 5184 |ParentID 796)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
HKLM\SOFTWARE | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\SOFTWARE | Run : [mp0KRBpx] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\mp0KRBpx.vbs"
HKLM\SOFTWARE | Run : [vDkehJGr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\vDkehJGr.vbs"
HKLM\SOFTWARE | Run : [Wtdyt1Qr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\Wtdyt1Qr.vbs"
HKLM\SOFTWARE\wow6432Node | Run : [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS4ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [mp0KRBpx] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\mp0KRBpx.vbs"
HKLM\SOFTWARE\wow6432Node | Run : [vDkehJGr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\vDkehJGr.vbs"
HKLM\SOFTWARE\wow6432Node | Run : [Wtdyt1Qr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\Wtdyt1Qr.vbs"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Mélissa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [bEWm2wMR] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [mp0KRBpx] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\mp0KRBpx.vbs"
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [Intel(TM)12 Corporation] - C:\Users\MLISSA~1\AppData\Local\Temp\Intel(TM)12.exe
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [vDkehJGr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\vDkehJGr.vbs"
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [Wtdyt1Qr] - wscript.exe //B "C:\Users\MLISSA~1\AppData\Local\Temp\Wtdyt1Qr.vbs"
HKU\S-1-5-21-4281784279-799978331-175305498-1000\SOFTWARE | Run : [KSS] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H

################## | Éléments infectieux |

Présent! F:\vDkehJGr.vbs
Présent! F:\Wtdyt1Qr.vbs
Présent! F:\bEWm2wMR.vbs
Présent! F:\mp0KRBpx.vbs
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\bEWm2wMR.vbs
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\mp0KRBpx.vbs
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\vDkehJGr.vbs
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\Wtdyt1Qr.vbs
Présent! C:\Users\Mélissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bEWm2wMR.vbs
Présent! C:\Users\Mélissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mp0KRBpx.vbs
Présent! C:\Users\Mélissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vDkehJGr.vbs
Présent! C:\Users\Mélissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wtdyt1Qr.vbs
Présent! F:\AG.lnk
Présent! F:\Devis n°20000271622 VL.lnk
Présent! F:\Sceno Tarifs Ete 2013.lnk
Présent! F:\Liste sponsors.lnk
Présent! F:\Documents compagnies.lnk
Présent! F:\retroplanning.lnk
Présent! F:\http___www.lnk
Présent! F:\Ma rose et moi.lnk
Présent! F:\Personnages.lnk
Présent! F:\.lnk
Présent! F:\vDkehJGr.lnk
Présent! F:\Wtdyt1Qr.lnk
Présent! F:\Autre.lnk
Présent! F:\Photos video.lnk
Présent! F:\Vidéo.lnk
Présent! F:\A imprimer.lnk
Présent! F:\.Trashes.lnk
Présent! F:\.Spotlight-V100.lnk
Présent! F:\.fseventsd.lnk
Présent! F:\Dossier 45-RS-2013-M1CAPTNPC-ROUILLON-Mélissa.lnk
Présent! F:\Septembre 2013.lnk
Présent! F:\Echalier.lnk
Présent! F:\Stage Cie ATC.lnk
Présent! F:\bEWm2wMR.lnk
Présent! F:\mp0KRBpx.lnk
Présent! F:\Nouveau dossier.lnk
Présent! F:\The Walking Dead.lnk
Présent! C:\Users\Public\9emmD.vbe
Présent! C:\Users\Public\9stemD.VBE
Présent! C:\Users\Public\D7_Loading.zip
Présent! C:\Users\Public\Intel(TM)GMA9.exe
Présent! C:\Users\Mélissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i79VclD.lnk
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\Drives.vbs
Présent! C:\Users\MLISSA~1\AppData\Local\Temp\Intel(TM)12.exe
Présent! C:\Users\Mélissa\AppData\Local\Temp\bEWm2wMR.vbs
Présent! C:\Users\Mélissa\AppData\Local\Temp\mp0KRBpx.vbs
Présent! C:\Users\Mélissa\AppData\Local\Temp\vDkehJGr.vbs
Présent! C:\Users\Mélissa\AppData\Local\Temp\Wtdyt1Qr.vbs

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|mp0KRBpx
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|vDkehJGr
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Wtdyt1Qr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Intel(TM)12 Corporation
HKCU\.\.\.\.\Explorer\MountPoints2\{09201029-650a-11e1-a397-b870f4632ea1}
Shell\AutoRun\Command = IomegaEncryptionSetup v1.3.exe



################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
