My USB key disinfected after UsbFix? 2014-06-28T08:27:50+00:00
    soniasbz
    Participant
    Posts: 3

    Hello,
    1. Can I consider my USB key disinfected after running UsbFix?
    The report is attached below.
    2. Also, my antivirus reports the presence of an autorun threat. Is that normal?
    Thanks

    [############################## | UsbFix V 7.172 | [Recherche]

    Utilisateur: s.k (Administrateur) # MOI
    Mis à jour le 23/06/2014 par El Desaparecido – SosVirus
    Lancé à 07:36:03 | 28/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    RAM -> [Total : 2932 Mo | Free : 1173 Mo]
    Boot: Normal boot

    OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
    WB: Internet Explorer : 8.00.6001.18702
    WB: Google Chrome : 35.0.1916.153
    WB: Mozilla Firefox : 29.0.1

    ################## | Security Information |

    FW: Windows Firewall [(!) Désactivé]
    SC: Security Center [(!) Désactivé]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 195 Go (169 Go libre(s) – 86%) [] # NTFS
    D: -> Disque fixe # 103 Go (102 Go libre(s) – 100%) [] # NTFS
    F: -> Disque amovible # 3 Go (3 Go libre(s) – 97%) [SANA_CEVA] # FAT32

    ################## | Processus Actif |

    C:WINDOWSsystem32smss.exe (ID: 1612|ParentID: 4|SYSTEM)
    C:PROGRA~1AVGAVG2014avgrsx.exe (ID: 1648|ParentID: 1636|SYSTEM)
    C:Program FilesAVGAVG2014avgcsrvx.exe (ID: 1684|ParentID: 1648|SYSTEM)
    C:WINDOWSsystem32csrss.exe (ID: 1976|ParentID: 1612|SYSTEM)
    C:WINDOWSsystem32winlogon.exe (ID: 2000|ParentID: 1612|SYSTEM)
    C:WINDOWSsystem32services.exe (ID: 2044|ParentID: 2000|SYSTEM)
    C:WINDOWSsystem32lsass.exe (ID: 132|ParentID: 2000|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 308|ParentID: 2044|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 476|ParentID: 2044|SERVICE RÉSEAU)
    C:WINDOWSsystem32svchost.exe (ID: 568|ParentID: 2044|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 760|ParentID: 2044|SERVICE RÉSEAU)
    C:WINDOWSsystem32svchost.exe (ID: 792|ParentID: 2044|SERVICE LOCAL)
    C:WINDOWSsystem32spoolsv.exe (ID: 1188|ParentID: 2044|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 1272|ParentID: 2044|SERVICE LOCAL)
    C:Program FilesAVGAVG2014avgfws.exe (ID: 1304|ParentID: 2044|SYSTEM)
    C:Program FilesAVGAVG2014avgidsagent.exe (ID: 772|ParentID: 2044|SYSTEM)
    C:Program FilesAVGAVG2014avgwdsvc.exe (ID: 1336|ParentID: 2044|SYSTEM)
    C:Program FilesAVGAVG2014avgnsx.exe (ID: 956|ParentID: 1336|SYSTEM)
    C:Program FilesAVGAVG2014avgemcx.exe (ID: 964|ParentID: 1336|SYSTEM)
    C:WINDOWSexplorer.exe (ID: 1964|ParentID: 1592|s.k)
    C:Documents and SettingsAll UsersApplication DataGinyasBrowserCompaniontbhcn.exe (ID: 352|ParentID: 568|s.k)
    C:Program FilesGoogleUpdate1.3.24.15GoogleCrashHandler.exe (ID: 740|ParentID: 1628|SYSTEM)
    C:Documents and SettingsAll UsersApplication DataDatacardServiceHWDeviceService.exe (ID: 724|ParentID: 2044|SYSTEM)
    C:WINDOWSsystem32lxdncoms.exe (ID: 1432|ParentID: 2044|SYSTEM)
    C:WINDOWSsystem32svchost.exe (ID: 2156|ParentID: 2044|SYSTEM)
    C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (ID: 2212|ParentID: 2044|SYSTEM)
    C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe (ID: 2896|ParentID: 2044|SYSTEM)
    C:Documents and Settingss.kApplication DataAgence-ExclusiveAgence-Exclusiveautoupdater.exe (ID: 3380|ParentID: 1964|s.k)
    C:WINDOWSRTHDCPL.EXE (ID: 3428|ParentID: 1964|s.k)
    C:WINDOWSsystem32igfxpers.exe (ID: 3476|ParentID: 1964|s.k)
    C:Program FilesAgence-Exclusivepctuto.exe (ID: 3576|ParentID: 1964|s.k)
    C:Program FilesLexmark 2600 Serieslxdnmon.exe (ID: 3608|ParentID: 1964|s.k)
    C:WINDOWSsystem32igfxtray.exe (ID: 3700|ParentID: 1964|s.k)
    C:Program FilesLexmark 2600 Serieslxdnmsdmon.exe (ID: 3780|ParentID: 3660|s.k)
    C:WINDOWSsystem32hkcmd.exe (ID: 3868|ParentID: 1964|s.k)
    C:Program FilesAVGAVG2014avgui.exe (ID: 3996|ParentID: 1964|s.k)
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 1556|ParentID: 1964|s.k)
    C:Program FilesSuperCopier2SuperCopier2.exe (ID: 2084|ParentID: 1964|s.k)
    C:Program FilesSkypePhoneSkype.exe (ID: 2236|ParentID: 1964|s.k)
    C:Program FilesAVGAVG2014avgcsrvx.exe (ID: 2288|ParentID: 956|SYSTEM)
    C:Documents and Settingss.kApplication DataSkypEmoticonsSE.exe (ID: 3620|ParentID: 1964|s.k)
    C:WINDOWSsystem32ctfmon.exe (ID: 328|ParentID: 1964|s.k)
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 2312|ParentID: 1964|s.k)
    C:Program FilesSRS LabsSRS Premium SoundSRSPremiumSound_XP.exe (ID: 2700|ParentID: 1964|s.k)
    C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE (ID: 2264|ParentID: 308|s.k)
    C:system32SystemProtection.exe (ID: 3160|ParentID: 3172|s.k)
    C:WINDOWSsystem32wscript.exe (ID: 2432|ParentID: 3160|s.k)
    C:PROGRA~1Yahoo!MessengerYmsgr_tray.exe (ID: 4392|ParentID: 3320|s.k)
    C:WINDOWSsystem32wuauclt.exe (ID: 3260|ParentID: 568|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5988|ParentID: 1964|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4580|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3536|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 672|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2172|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5304|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2224|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4660|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5328|ParentID: 5988|s.k)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3760|ParentID: 5988|s.k)
    C:UsbFixUsbFix.exe (ID: 5176|ParentID: 6012|s.k)
    C:WINDOWSsystem32msfeedssync.exe (ID: 5728|ParentID: 568|s.k)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] Explorer.exe
    F2 – HKLM..Winlogon : [TaskMan] C:RECYCLERS-1-5-21-0243556031-888888379-781863308-19449463ababbdq.exe
    F2 – HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
    04 – HKCU..Run : [Xdnonl] C:Documents and Settingss.kApplication DataIdentitiesXdnonl.exe
    04 – HKCU..Run : [swg] “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKCU..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKCU..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    04 – HKCU..Run : [se] “C:Documents and Settingss.kApplication DataSkypEmoticonsSE.exe” /minimized
    04 – HKCU..Run : [Messenger (Yahoo!)] “C:PROGRA~1Yahoo!MessengerYahooMessenger.exe” -quiet
    04 – HKCU..Run : [MediaFire Tray] “C:Documents and Settingss.kApplication DataMediaFire Expressmf_systray.exe” –boot-start
    04 – HKCU..Run : [iLivid] “C:Documents and Settingss.kLocal SettingsApplication DataiLividiLivid.exe” -autorun
    04 – HKCU..Run : [Facebook Update] “C:Documents and Settingss.kLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKCU..Run : [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    04 – HKLM..Run : [autoupdater] C:Documents and Settingss.kApplication DataAgence-ExclusiveAgence-Exclusiveautoupdater.exe
    04 – HKLM..Run : [RTHDCPL] RTHDCPL.EXE
    04 – HKLM..Run : [Persistence] C:WINDOWSsystem32igfxpers.exe
    04 – HKLM..Run : [pctuto] “C:Program FilesAgence-Exclusivepctuto.exe”
    04 – HKLM..Run : [lxdnmon.exe] “C:Program FilesLexmark 2600 Serieslxdnmon.exe”
    04 – HKLM..Run : [lxdnamon] “C:Program FilesLexmark 2600 Serieslxdnamon.exe”
    04 – HKLM..Run : [IgfxTray] C:WINDOWSsystem32igfxtray.exe
    04 – HKLM..Run : [HPWQTOOLBOX] C:Program FilesHewlett-PackardHP Deskjet 9800 SeriesToolboxHPWQTBX.exe “-i”
    04 – HKLM..Run : [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
    04 – HKLM..Run : [FaxCenterServer] “C:Program FilesLexmark Fax Solutionsfm3032.exe” /s
    04 – HKLM..Run : [AVG_UI] “C:Program FilesAVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe”
    04 – HKLM..PoliciesExplorerrun : [Updates] “C:system32SystemProtection.exe” /e:VBScript.Encode “C:kernelr00t3r”
    04 – HKUS-1-5-19..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-20..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Xdnonl] C:Documents and Settingss.kApplication DataIdentitiesXdnonl.exe
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [swg] “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [se] “C:Documents and Settingss.kApplication DataSkypEmoticonsSE.exe” /minimized
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Messenger (Yahoo!)] “C:PROGRA~1Yahoo!MessengerYahooMessenger.exe” -quiet
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [MediaFire Tray] “C:Documents and Settingss.kApplication DataMediaFire Expressmf_systray.exe” –boot-start
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [iLivid] “C:Documents and Settingss.kLocal SettingsApplication DataiLividiLivid.exe” -autorun
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Facebook Update] “C:Documents and Settingss.kLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    04 – HKUS-1-5-18..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-19..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-19..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    04 – HKUS-1-5-20..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-20..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    04 – HKUS-1-5-18..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-18..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    ################## | Recherche générique |

    Présent! F:LOL TOP 5.lnk
    Présent! C:kernellpt1
    Présent! C:kernelr00t3r
    Présent! C:kernel
    Présent! C:system32SystemProtection.exe
    Présent! F:config.dat
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-120221Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-120221
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-121151Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-121151
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19449463Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19449463
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19714475Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19714475
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-3313547Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-3313547
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5618147819Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5618147819
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56813Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56813
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568145Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568145
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568146Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568146
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681477Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681477
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681478Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681478
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814789Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814789
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-825347Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-825347
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-82971975Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-82971975
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8325143Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8325143
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345143Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345143
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345543Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345543
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345546Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345546
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345547Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345547
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-839714475Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-839714475
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-83971975Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-83971975
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-9861447Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-9861447
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-98614471Desktop.ini
    Présent! C:RecyclerS-1-5-21-0243556031-888888379-781863308-98614471

    ################## | Registre |

    Présent! HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon|Taskman (C:RECYCLERS-1-5-21-0243556031-888888379-781863308-19449463ababbdq.exe)
    Présent! HKLMSoftwareMicrosoftSecurity Center|AntiVirusDisableNotify -> 1
    Présent! HKLMSoftwareMicrosoftSecurity Center|FirewallDisableNotify -> 1
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr -> 1
    Présent! HKLMSoftware8322898
    Présent! HKCUSoftwarePowerPack
    Présent! HKUS-1-5-21-1123561945-1284227242-1801674531-1003SoftwarePowerPack
    Présent! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionstaskmgr.exe
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Updates

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

    g3n-h@ckm@n
    Keymaster
    Posts: 8304

    Hello, run UsbFix again, click "Nettoyage" (Cleaning), then post the new report.

    soniasbz
    Participant
    Posts: 3

    Re,
    Here is the report obtained after cleaning, and thanks.

    ############################## | UsbFix V 7.172 | [Nettoyage]

    Utilisateur: s.kk (Administrateur) # MOI
    Mis à jour le 23/06/2014 par El Desaparecido – SosVirus
    Lancé à 09:56:24 | 28/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    RAM -> [Total : 2932 Mo | Free : 1496 Mo]
    Boot: Normal boot

    OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
    WB: Internet Explorer : 8.00.6001.18702
    WB: Google Chrome : 35.0.1916.153
    WB: Mozilla Firefox : 29.0.1

    ################## | Security Information |

    FW: Windows Firewall [(!) Désactivé]
    SC: Security Center [(!) Désactivé]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 195 Go (169 Go libre(s) – 87%) [] # NTFS
    D: -> Disque fixe # 103 Go (102 Go libre(s) – 100%) [] # NTFS
    F: -> Disque amovible # 3 Go (3 Go libre(s) – 97%) # FAT32

    ################## | Processus Stoppés |

    C:PROGRA~1AVGAVG2014avgrsx.exe (ID: 1652|ParentID: 1640|SYSTEM)
    C:Program FilesAVGAVG2014avgcsrvx.exe (ID: 1688|ParentID: 1652|SYSTEM)
    C:WINDOWSsystem32spoolsv.exe (ID: 1180|ParentID: 120|SYSTEM)
    C:Program FilesAVGAVG2014avgfws.exe (ID: 1304|ParentID: 120|SYSTEM)
    C:Program FilesAVGAVG2014avgidsagent.exe (ID: 772|ParentID: 120|SYSTEM)
    C:Program FilesAVGAVG2014avgwdsvc.exe (ID: 1352|ParentID: 120|SYSTEM)
    C:Program FilesAVGAVG2014avgnsx.exe (ID: 964|ParentID: 1352|SYSTEM)
    C:Program FilesAVGAVG2014avgemcx.exe (ID: 996|ParentID: 1352|SYSTEM)
    C:WINDOWSexplorer.exe (ID: 1548|ParentID: 1492|s.kk)
    C:Documents and SettingsAll UsersApplication DataGinyasBrowserCompaniontbhcn.exe (ID: 260|ParentID: 568|s.kk)
    C:Program FilesGoogleUpdate1.3.24.15GoogleCrashHandler.exe (ID: 400|ParentID: 1540|SYSTEM)
    C:Documents and SettingsAll UsersApplication DataDim@netOnlineUpdateouc.exe (ID: 908|ParentID: 1516|SYSTEM)
    C:Documents and SettingsAll UsersApplication DataDatacardServiceHWDeviceService.exe (ID: 1436|ParentID: 120|SYSTEM)
    C:WINDOWSsystem32lxdncoms.exe (ID: 2240|ParentID: 120|SYSTEM)
    C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (ID: 2588|ParentID: 120|SYSTEM)
    C:Documents and Settingss.kkApplication DataAgence-ExclusiveAgence-Exclusiveautoupdater.exe (ID: 2804|ParentID: 1548|s.kk)
    C:WINDOWSRTHDCPL.EXE (ID: 2960|ParentID: 1548|s.kk)
    C:WINDOWSsystem32igfxpers.exe (ID: 3000|ParentID: 1548|s.kk)
    C:Program FilesAgence-Exclusivepctuto.exe (ID: 3048|ParentID: 1548|s.kk)
    C:Program FilesLexmark 2600 Serieslxdnmon.exe (ID: 3192|ParentID: 1548|s.kk)
    C:WINDOWSsystem32igfxtray.exe (ID: 3224|ParentID: 1548|s.kk)
    C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe (ID: 3240|ParentID: 120|SYSTEM)
    C:WINDOWSsystem32hkcmd.exe (ID: 3268|ParentID: 1548|s.kk)
    C:Program FilesLexmark 2600 Serieslxdnmsdmon.exe (ID: 3316|ParentID: 3204|s.kk)
    C:Program FilesAVGAVG2014avgui.exe (ID: 3328|ParentID: 1548|s.kk)
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 3520|ParentID: 1548|s.kk)
    C:Program FilesSuperCopier2SuperCopier2.exe (ID: 3628|ParentID: 1548|s.kk)
    C:Program FilesSkypePhoneSkype.exe (ID: 3784|ParentID: 1548|s.kk)
    C:Documents and Settingss.kkApplication DataSkypEmoticonsSE.exe (ID: 4008|ParentID: 1548|s.kk)
    C:WINDOWSsystem32ctfmon.exe (ID: 2252|ParentID: 1548|s.kk)
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3036|ParentID: 1548|s.kk)
    C:Program FilesSRS LabsSRS Premium SoundSRSPremiumSound_XP.exe (ID: 3108|ParentID: 1548|s.kk)
    C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE (ID: 3912|ParentID: 304|s.kk)
    C:Program FilesAVGAVG2014avgcsrvx.exe (ID: 3572|ParentID: 964|SYSTEM)
    C:system32SystemProtection.exe (ID: 2152|ParentID: 2780|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3092|ParentID: 1548|s.kk)
    C:WINDOWSsystem32wuauclt.exe (ID: 2468|ParentID: 568|s.kk)
    C:WINDOWSsystem32wscript.exe (ID: 2096|ParentID: 2152|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5028|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5196|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5264|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5368|ParentID: 3092|s.kk)
    C:PROGRA~1Yahoo!MessengerYmsgr_tray.exe (ID: 5560|ParentID: 1648|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4988|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5412|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2348|ParentID: 3092|s.kk)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3620|ParentID: 3092|s.kk)

    ################## | Autorun |

    ################## | Recherche générique |

    Supprimé! F:LOL TOP 5.lnk
    Non supprimé ! C:kernellpt1
    Supprimé! C:kernelr00t3r
    Non supprimé ! C:kernel
    Supprimé! C:system32SystemProtection.exe
    Supprimé! F:config.dat
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-120221Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-120221
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-121151Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-121151
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19449463Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19449463
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19714475Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-19714475
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-3313547Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-3313547
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5618147819Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5618147819
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56813Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56813
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568145Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568145
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568146Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-568146
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681477Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681477
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681478Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-5681478
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814789Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-56814789
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-825347Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-825347
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-82971975Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-82971975
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8325143Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8325143
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345143Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345143
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345543Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345543
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345546Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345546
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345547Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-8345547
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-839714475Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-839714475
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-83971975Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-83971975
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-9861447Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-9861447
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-98614471Desktop.ini
    Supprimé! C:RecyclerS-1-5-21-0243556031-888888379-781863308-98614471

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon|Taskman (“”)
    Réparé ! HKLMSoftwareMicrosoftSecurity Center|AntiVirusDisableNotify -> 0
    Réparé ! HKLMSoftwareMicrosoftSecurity Center|FirewallDisableNotify -> 0
    Réparé ! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr -> 0
    Supprimé! HKLMSoftware8322898
    Supprimé! HKCUSoftwarePowerPack
    Supprimé! HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Optionstaskmgr.exe
    Supprimé! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Updates

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] Explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
    04 – HKCU..Run : [Xdnonl] C:Documents and Settingss.kkApplication DataIdentitiesXdnonl.exe
    04 – HKCU..Run : [swg] “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKCU..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKCU..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    04 – HKCU..Run : [se] “C:Documents and Settingss.kkApplication DataSkypEmoticonsSE.exe” /minimized
    04 – HKCU..Run : [Messenger (Yahoo!)] “C:PROGRA~1Yahoo!MessengerYahooMessenger.exe” -quiet
    04 – HKCU..Run : [MediaFire Tray] “C:Documents and Settingss.kkApplication DataMediaFire Expressmf_systray.exe” –boot-start
    04 – HKCU..Run : [iLivid] “C:Documents and Settingss.kkLocal SettingsApplication DataiLividiLivid.exe” -autorun
    04 – HKCU..Run : [Facebook Update] “C:Documents and Settingss.kkLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKCU..Run : [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    04 – HKLM..Run : [autoupdater] C:Documents and Settingss.kkApplication DataAgence-ExclusiveAgence-Exclusiveautoupdater.exe
    04 – HKLM..Run : [RTHDCPL] RTHDCPL.EXE
    04 – HKLM..Run : [Persistence] C:WINDOWSsystem32igfxpers.exe
    04 – HKLM..Run : [pctuto] “C:Program FilesAgence-Exclusivepctuto.exe”
    04 – HKLM..Run : [lxdnmon.exe] “C:Program FilesLexmark 2600 Serieslxdnmon.exe”
    04 – HKLM..Run : [lxdnamon] “C:Program FilesLexmark 2600 Serieslxdnamon.exe”
    04 – HKLM..Run : [IgfxTray] C:WINDOWSsystem32igfxtray.exe
    04 – HKLM..Run : [HPWQTOOLBOX] C:Program FilesHewlett-PackardHP Deskjet 9800 SeriesToolboxHPWQTBX.exe “-i”
    04 – HKLM..Run : [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
    04 – HKLM..Run : [FaxCenterServer] “C:Program FilesLexmark Fax Solutionsfm3032.exe” /s
    04 – HKLM..Run : [AVG_UI] “C:Program FilesAVGAVG2014avgui.exe” /TRAYONLY
    04 – HKLM..Run : [Adobe ARM] “C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe”
    04 – HKUS-1-5-19..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-20..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Xdnonl] C:Documents and Settingss.kkApplication DataIdentitiesXdnonl.exe
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [swg] “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Skype] “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [se] “C:Documents and Settingss.kkApplication DataSkypEmoticonsSE.exe” /minimized
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Messenger (Yahoo!)] “C:PROGRA~1Yahoo!MessengerYahooMessenger.exe” -quiet
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [MediaFire Tray] “C:Documents and Settingss.kkApplication DataMediaFire Expressmf_systray.exe” –boot-start
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [iLivid] “C:Documents and Settingss.kkLocal SettingsApplication DataiLividiLivid.exe” -autorun
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [Facebook Update] “C:Documents and Settingss.kkLocal SettingsApplication DataFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-1123561945-1284227242-1801674531-1003..Run : [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
    04 – HKUS-1-5-18..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
    04 – HKUS-1-5-19..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-19..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    04 – HKUS-1-5-20..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-20..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    04 – HKUS-1-5-18..RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
    04 – HKUS-1-5-18..RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [30/03/2012 – 15:48:44 | RASH | 0 Ko] – C:MSDOS.SYS
    [30/03/2012 – 15:48:44 | N | 0 Ko] – C:CONFIG.SYS
    [30/03/2012 – 15:48:44 | RASH | 0 Ko] – C:IO.SYS
    [28/06/2014 – 09:32:45 | ASH | 2095104 Ko] – C:pagefile.sys
    [25/06/2014 – 13:28:05 | D] – C:Config.Msi
    [30/03/2012 – 16:30:09 | N | 0 Ko] – C:Setup.log
    [17/09/2012 – 20:13:47 | N | 14 Ko] – C:hwupgradewizard.log
    [06/04/2012 – 07:12:16 | N | 1 Ko] – C:user.js
    [12/06/2014 – 23:07:24 | SH | 0 Ko] – C:boot.ini
    [25/04/2012 – 21:05:55 | N | 0 Ko] – C:srch_1.gif
    [25/04/2012 – 21:05:56 | N | 0 Ko] – C:srch_img_1.gif
    [25/04/2012 – 21:05:57 | N | 0 Ko] – C:srch_vid_1.gif
    [25/04/2012 – 21:06:15 | N | 0 Ko] – C:srch_sh_1.gif
    [25/04/2012 – 21:06:16 | N | 0 Ko] – C:srch_ans_1.gif
    [25/04/2012 – 21:06:19 | N | 0 Ko] – C:srch_aud_1.gif
    [25/04/2012 – 21:06:22 | N | 0 Ko] – C:hj_1.gif
    [25/04/2012 – 21:06:23 | N | 0 Ko] – C:srch_nws_1.gif
    [25/04/2012 – 21:06:24 | N | 0 Ko] – C:ab_1.gif
    [25/04/2012 – 21:06:31 | N | 0 Ko] – C:del_1.gif
    [25/04/2012 – 21:06:33 | N | 0 Ko] – C:flk2.gif
    [13/11/2012 – 05:45:41 | N | 24 Ko] – C:RECUP.DOC
    [14/04/2008 – 13:00:00 | N | 46 Ko | VirusTotal – (0/54)] – C:NTDETECT.COM
    [25/04/2012 – 21:06:20 | N | 0 Ko] – C:dir.bmp
    [25/04/2012 – 21:06:26 | N | 0 Ko] – C:edu.bmp
    [14/04/2008 – 13:00:00 | N | 5 Ko] – C:Bootfont.bin
    [25/12/2013 – 13:20:50 | N | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [30/03/2012 – 15:48:44 | A | 0 Ko] – C:AUTOEXEC.BAT
    [14/04/2008 – 13:00:00 | RASH | 246 Ko] – C:ntldr
    [30/03/2012 – 16:15:27 | D] – C:Intel
    [08/04/2012 – 23:00:51 | D] – C:ce611b358163aaa33db73789bcf589
    [09/04/2012 – 19:40:21 | D] – C:2a176a13056963814ff730
    [10/04/2012 – 14:25:52 | D] – C:a2685aa35952652f8987e
    [20/09/2012 – 11:55:35 | D] – C:fcd91471d9778ec7e8a2eea7da
    [25/10/2012 – 21:22:28 | D] – C:Temp
    [17/11/2012 – 09:18:09 | RHD] – C:MSOCache
    [30/11/2012 – 08:05:14 | D] – C:logs
    [17/12/2012 – 11:30:49 | D] – C:Lexmark ToolBar
    [11/02/2013 – 14:05:11 | D] – C:Data
    [11/02/2013 – 14:07:11 | D] – C:e
    [24/03/2013 – 10:30:05 | D] – C:Documents and Settings
    [25/07/2013 – 20:33:39 | N | 0 Ko] – C:us
    [13/12/2013 – 12:17:25 | D] – C:$AVG
    [17/03/2014 – 07:04:39 | D] – C:AdwCleaner
    [24/06/2014 – 08:56:40 | D] – C:Program Files
    [27/06/2014 – 19:24:16 | D] – C:WINDOWS
    [28/06/2014 – 09:36:21 | SHD] – C:System Volume Information
    [28/06/2014 – 09:49:02 | D] – C:UsbFix
    [28/06/2014 – 09:56:55 | D] – C:Kernel
    [28/06/2014 – 09:56:55 | D] – C:system32
    [28/06/2014 – 09:56:57 | SHD] – C:RECYCLER

    ################## | D: – Disque Fixe (NTFS) |

    [11/11/2012 – 13:50:00 | SHD] – D:RECYCLER
    [19/12/2012 – 18:28:28 | D] – D:phtos sony19-12-2012
    [23/11/2013 – 08:33:53 | D] – D:Aymen
    [12/12/2013 – 20:39:30 | D] – D:photos
    [27/06/2014 – 14:27:07 | SHD] – D:System Volume Information

    ################## | F: – Disque USB (FAT32) |

    [20/01/2012 – 07:13:20 | N | 86 Ko] – F:2012-01-20_071305.png
    [20/01/2012 – 07:17:14 | N | 91 Ko] – F:2012-01-18_071656.png
    [20/01/2012 – 07:17:28 | N | 89 Ko] – F:2012-01-18_071721.png
    [17/12/2011 – 20:59:46 | N | 671 Ko] – F:Arrêté2005_3005.pdf
    [08/06/2012 – 07:55:48 | N | 638 Ko] – F:Arr21-10-2006batiments.pdf
    [10/06/2012 – 16:30:42 | N | 159 Ko] – F:7_2012.pdf
    [04/01/2012 – 07:20:52 | N | 61 Ko] – F:7nov.jpg
    [04/01/2012 – 17:58:24 | N | 21 Ko] – F:addition41.jpg
    [28/06/2014 – 07:35:54 | N | 0 Ko] – F:autorun.inf
    [17/02/2012 – 12:21:52 | N | 310 Ko | VirusTotal – (0/49)] – F:aswclear.exe
    [31/10/2012 – 09:09:34 | N | 73 Ko] – F:12_35.docx
    [16/09/2013 – 09:52:36 | D] – F:HPV
    [16/09/2013 – 09:52:38 | D] – F:anniversaire
    [16/09/2013 – 09:53:52 | D] – F:expertise ??????
    [16/09/2013 – 09:53:56 | D] – F:2juin
    [16/09/2013 – 12:07:38 | D] – F:Téléchargements
    [16/09/2013 – 12:10:40 | D] – F:sousse-eaux5
    [16/09/2013 – 12:39:14 | D] – F:Yosr
    [16/09/2013 – 12:39:32 | D] – F:CRT
    [16/09/2013 – 12:39:32 | D] – F:Bureau

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

    g3n-h@ckm@n
    Keymaster
    Posts: 8304

    OK, wait a bit, I am contacting the developer of UsbFix to be sure about certain files that could still be infectious.

    soniasbz
    Participant
    Posts: 3

    Thanks.
    One more question: I have at least 6 other keys that are without a doubt infected. Do I have to repeat the same procedure?
    Thanks again.

    g3n-h@ckm@n
    Keymaster
    Posts: 8304

    Yes.

    In principle you should run UsbFix with all the removable media plugged in, as far as the number of USB ports allows.
