Removable media shortcut virus 2014-05-10T15:59:54+00:00
  • Author
    Posts
  • hbaud
    Participant
    Post count: 1

    Hello,
    I have had a recurring virus for a week. The entire contents of my USB stick turn into shortcuts and become unreadable. I have the same problem with all the removable media plugged into my computer. I installed USBFIX; here is the report:
    [spoiler:i8udtwze]############################## | UsbFix V 7.169 | [Recherche]

    Utilisateur: Hilaire (Administrateur) # HILAIRE-PC
    Mis à jour le 08/05/2014 par El Desaparecido – Team SosVirus
    Lancé à 17:33:58 | 10/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K53SV)
    CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    RAM -> [Total : 6056 Mo| Free : 3195 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17105
    WB: Google Chrome : 32.0.1700.102
    WB: Mozilla Firefox : 29.0.1

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: Microsoft Security Essentials [Enabled | Updated]
    AS: Windows Defender [(!) Disabled | (!) Outdated]
    AS: Microsoft Security Essentials [Enabled | Updated]
    FW: Windows FireWall [Enabled]

    C: (%systemdrive%) -> Disque fixe # 279 Go (169 Go libre(s) – 61%) [OS] # NTFS
    D: -> Disque fixe # 101 Go (13 Go libre(s) – 13%) [Data] # NTFS
    E: -> Disque fixe # 293 Go (193 Go libre(s) – 66%) [OS] # NTFS
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [USB DISK] # FAT32
    H: -> Disque amovible # 960 Mo (417 Mo libre(s) – 43%) [NT] # FAT
    I: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [] # FAT32

    ################## | Regedit Run |

    F2 – HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – HKLM\..\Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 – HKCU\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    04 – HKCU\..\Run : [AdobeBridge]
    04 – HKCU\..\Run : [Facebook Update] “C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
    04 – HKCU\..\Run : [168816984_MicrosoftUpdate] wscript.exe //B “C:\Users\Hilaire\AppData\Roaming\168816984_MicrosoftUpdate.vbe”
    04 – HKLM\..\Run : [Nuance PDF Reader-reminder] “C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe” -r “C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini”
    04 – HKLM\..\Run : [ASUSPRP] “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
    04 – HKLM\..\Run : [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    04 – HKLM\..\Run : [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    04 – HKLM\..\Run : [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    04 – HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    04 – HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    04 – HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    04 – HKLM\..\Run : [UpdateLBPShortCut] “C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5”
    04 – HKLM\..\Run : [UpdateP2GoShortCut] “C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
    04 – HKLM\..\Run : [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}
    04 – HKLM\..\Run : [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\..\Run : [YTDownloader] “C:\Program Files (x86)\YTDownloader\YTDownloader.exe” /boot
    04 – HKLM\..\RunOnce : []
    04 – [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
    04 – [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    04 – [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
    04 – [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    04 – [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    04 – [x64] HKLM\..\Run : [IntelPAN] “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel PAN Tray
    04 – [x64] HKLM\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs”
    04 – [x64] HKLM\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
    04 – [x64] HKLM\..\Run : [MSC] “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
    04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1000\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1000\..\Run : [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [AdobeBridge]
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Facebook Update] “C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [168816984_MicrosoftUpdate] wscript.exe //B “C:\Users\Hilaire\AppData\Roaming\168816984_MicrosoftUpdate.vbe”
    04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1000\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | Recherche générique |

    Présent! C:\Users\Hilaire\AppData\Roaming\168816984_MicrosoftUpdate.vbe
    Présent! C:\Users\Hilaire\AppData\Local\Temp\update.exe
    Présent! G:\168816984_MicrosoftUpdate.vbe
    Présent! H:\168816984_MicrosoftUpdate.vbe
    Présent! I:\168816984_MicrosoftUpdate.vbe
    Présent! G:\syncguid.dat
    Présent! H:\WEB.lnk
    Présent! H:\syncguid.dat
    Présent! I:\syncguid.dat
    Présent! H:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

    ################## | Registre |

    Présent! HKU\S-1-5-21-3433864762-517863337-3049944731-1001\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:i8udtwze] Thank you very much!!

  • Anonymous
    Post count: 1400

    :hello: hbaud and :welcome: to sosvirus

    Run usbfix again in deletion mode and post the report, please

    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Suppression (deletion) option

      Note: The computer will restart automatically; at restart, click the message shown by UsbFix and let the program work.

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    :merci2:

  • hbaud
    Participant
    Post count: 1

    Thank you very much for the quick reply! I ran Usbfix again in deletion mode; here is the report:
    [spoiler:2o9oz7yr]############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: Hilaire (Administrateur) # HILAIRE-PC
    Mis à jour le 08/05/2014 par El Desaparecido – Team SosVirus
    Lancé à 21:39:49 | 10/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (K53SV)
    CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
    RAM -> [Total : 6056 Mo| Free : 3606 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.17105
    WB: Google Chrome : 32.0.1700.102
    WB: Mozilla Firefox : 29.0.1

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: Microsoft Security Essentials [(!) Disabled | Updated]
    AS: Windows Defender [(!) Disabled | (!) Outdated]
    AS: Microsoft Security Essentials [(!) Disabled | Updated]
    FW: Windows FireWall [Enabled]

    C: (%systemdrive%) -> Disque fixe # 279 Go (176 Go libre(s) – 63%) [OS] # NTFS
    D: -> Disque fixe # 101 Go (13 Go libre(s) – 13%) [Data] # NTFS
    E: -> Disque fixe # 293 Go (193 Go libre(s) – 66%) [OS] # NTFS
    F: -> CD-ROM
    G: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [USB DISK] # FAT32
    H: -> Disque amovible # 960 Mo (417 Mo libre(s) – 43%) [NT] # FAT
    I: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [] # FAT32

    ################## | Recherche générique |

    Supprimé! C:\Users\Hilaire\AppData\Roaming\168816984_MicrosoftUpdate.vbe
    Supprimé! G:\168816984_MicrosoftUpdate.vbe
    Supprimé! H:\168816984_MicrosoftUpdate.vbe
    Supprimé! I:\168816984_MicrosoftUpdate.vbe
    Supprimé! H:\afrique.lnk
    Supprimé! H:\dessins.lnk
    Supprimé! H:\WEB.lnk
    Supprimé! H:\RECYCLER.lnk
    Supprimé! H:\à imprimer stage.lnk
    Supprimé! H:\a imprimer dakar.lnk
    Supprimé! H:\.fseventsd.lnk
    Supprimé! H:\.Trashes.lnk
    Supprimé! H:\.Spotlight-V100.lnk
    Supprimé! I:\AVF_INFO.lnk
    Supprimé! I:\PRIVATE.lnk
    Supprimé! I:\DCIM.lnk
    Supprimé! I:\MP_ROOT.lnk
    Supprimé! I:\Autorun.inf.lnk
    Supprimé! I:\syncguid.dat

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKU\S-1-5-21-3433864762-517863337-3049944731-1001\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate
    Supprimé! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate

    ################## | Regedit Run |

    F2 – HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 – HKLM\..\Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 – HKCU\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    04 – HKCU\..\Run : [AdobeBridge]
    04 – HKCU\..\Run : [Facebook Update] “C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
    04 – HKLM\..\Run : [Nuance PDF Reader-reminder] “C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe” -r “C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini”
    04 – HKLM\..\Run : [ASUSPRP] “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
    04 – HKLM\..\Run : [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    04 – HKLM\..\Run : [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    04 – HKLM\..\Run : [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    04 – HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    04 – HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    04 – HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    04 – HKLM\..\Run : [UpdateLBPShortCut] “C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5”
    04 – HKLM\..\Run : [UpdateP2GoShortCut] “C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
    04 – HKLM\..\Run : [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}
    04 – HKLM\..\Run : [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
    04 – HKLM\..\Run : [YTDownloader] “C:\Program Files (x86)\YTDownloader\YTDownloader.exe” /boot
    04 – [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
    04 – [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    04 – [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
    04 – [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    04 – [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    04 – [x64] HKLM\..\Run : [IntelPAN] “C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” /tf Intel PAN Tray
    04 – [x64] HKLM\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs”
    04 – [x64] HKLM\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
    04 – [x64] HKLM\..\Run : [MSC] “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
    04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [AdobeBridge]
    04 – HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Facebook Update] “C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
    04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | Vaccin |

    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:2o9oz7yr]

  • Anonymous
    Post count: 1400

    re

    OK, do this and post the report, please

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    :merci2:

  • Anonymous
    Post count: 1400

    :hello: hbaud,

    I don't think you'll come back to this topic, which is a shame :P:

The topic ‘Removable media shortcut virus’ is closed to new replies.