Reply to: Shortcuts on my external USB drives 2016-09-08T13:02:22+00:00
looping21

Well then, no report,
so I redid the operation and here is the report:
[spoiler:1hc2a6ua]############################## | UsbFix V 7.129 | [Suppression]

Utilisateur: arv_000 (Administrateur) # RVA
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 16:47:18 | 31/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Hewlett-Packard (HP Pavilion Sleekbook 15 PC) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz (1701)
RAM -> [Total : 8084 | Free : 6346]
BIOS: F.18
BOOT: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 677 Go (445 Go libre(s) – 66%) [] # NTFS
D: -> Disque fixe # 20 Go (2 Go libre(s) – 12%) [RECOVERY] # NTFS
E: -> Disque amovible # 4 Go (373 Mo libre(s) – 10%) [ALLARD] # FAT32
F: -> Disque amovible # 2 Go (2 Go libre(s) – 97%) [] # FAT
G: -> Disque fixe # 233 Go (155 Go libre(s) – 67%) [FreeAgent GoFlex Drive] # NTFS

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
HKLMSOFTWARE | Run : [HP CoolSense] – C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe -byrunkey
HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWARE | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [BingDesktop] – C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe /fromkey
HKLMSOFTWARE | Run : [Wondershare Helper Compact] – “C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [RemoteControl10] – “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
HKLMSOFTWAREwow6432Node | Run : [HP CoolSense] – C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe -byrunkey
HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWAREwow6432Node | Run : [HP Quick Launch] – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [BingDesktop] – C:Program Files (x86)MicrosoftBingDesktopBingDesktop.exe /fromkey
HKLMSOFTWAREwow6432Node | Run : [Wondershare Helper Compact] – “C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [uTorrent] – “C:Usersarv_000AppDataRoaminguTorrentuTorrent.exe” /MINIMIZED
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [GoogleDriveSync] – “C:Program Files (x86)GoogleDrivegoogledrivesync.exe” /autostart
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [gStart] – C:Program Files (x86)GarminTraining CentergStart.exe
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [AdobeBridge] –
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [6840952A1B9BA2793A7A465C28BD6234230F76EB._service_run] – “C:Program Files (x86)GoogleChromeApplicationchrome.exe” –type=service
HKUS-1-5-21-3118297187-1878732117-1511279401-1003SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe

################## | Processus Stoppés |

Stoppé! C:Windowssystem32nvvsvc.exe (900)
Stoppé! C:Program FilesIDTWDMSTacSV64.exe (1068)
Stoppé! C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (1132)
Stoppé! C:Windowssystem32nvvsvc.exe (1140)
Stoppé! C:Windowssystem32Hpservice.exe (1312)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (1628)
Stoppé! C:WindowsSystem32spoolsv.exe (1860)
Stoppé! C:Program Files (x86)Common FilesArcSoftesinterBineservutil.exe (520)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (1128)
Stoppé! C:Program Files (x86)MicrosoftBingDesktopBingDesktopUpdater.exe (1336)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (1548)
Stoppé! C:Windowssystem32dashost.exe (1588)
Stoppé! C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe (1832)
Stoppé! C:Program FilesInteliCLS ClientHeciServer.exe (1056)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (1264)
Stoppé! C:Windowssystem32taskhostex.exe (2428)
Stoppé! C:Program FilesCommon FilesNitroPro8.0NitroPDFDriverService8x64.exe (2584)
Stoppé! C:WindowsSysWOW64NLSSRV32.EXE (2644)
Stoppé! C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe (2824)
Stoppé! C:Program FilesNVIDIA CorporationDisplaynvtray.exe (2844)
Stoppé! C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe (2928)
Stoppé! C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe (2060)
Stoppé! C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweLiveComm.exe (2904)
Stoppé! C:Windowssystem32SearchIndexer.exe (4244)
Stoppé! C:WindowsSystem32WUDFHost.exe (4732)
Stoppé! C:WindowsSystem32hkcmd.exe (4192)
Stoppé! C:WindowsSystem32igfxpers.exe (4284)
Stoppé! C:Program FilesIDTWDMsttray64.exe (3308)
Stoppé! C:Program Files (x86)DruideAntidote 8Programmes32AgentAntidote.exe (176)
Stoppé! C:WindowsSystem32RuntimeBroker.exe (4120)
Stoppé! C:Program Files (x86)DruideAntidote 8Programmes64AgentAntidote.exe (5108)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (5008)
Stoppé! C:Usersarv_000AppDataRoaminguTorrentuTorrent.exe (4212)
Stoppé! C:Program Files (x86)SamsungKiesKies.exe (4692)
Stoppé! C:Program Files (x86)SamsungKiesKiesAirMessage.exe (5596)
Stoppé! C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe (5900)
Stoppé! C:Program Files (x86)GarminTraining CentergStart.exe (5308)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (1612)
Stoppé! C:WindowsSystem32StikyNot.exe (4804)
Stoppé! C:Program Files (x86)Hewlett-PackardHP CoolSenseCoolSense.exe (6088)
Stoppé! C:Usersarv_000AppDataRoamingDropboxbinDropbox.exe (5176)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (5380)
Stoppé! C:Program Files (x86)SamsungKiesKiesTrayAgent.exe (4952)
Stoppé! C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe (6048)
Stoppé! C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (5316)
Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (1636)
Stoppé! C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe (4708)
Stoppé! C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe (5028)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe (3428)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (4592)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (3068)
Stoppé! C:Windowssystem32taskhost.exe (2764)
Stoppé! C:WindowsSysWOW64ctfmon.exe (5608)

################## | Éléments infectieux |

Supprimé! C:Usersarv_000AppDataRoaming3SY6DMIJCE.exe
Supprimé! E:episode 1.lnk
Supprimé! E:episode 2.lnk
Supprimé! E:episode 3.lnk
Supprimé! E:episode 4.lnk
Supprimé! E:episode 5.lnk
Supprimé! E:episode 6.lnk
Supprimé! E:episode 7.lnk
Supprimé! E:Antidote 8 v2.lnk
Supprimé! E:Installe Antidote.lnk
Supprimé! E:Read me.lnk
Supprimé! E:Antidote8vx_Patcher.lnk
Supprimé! E:LOST.DIR.lnk
Supprimé! E:windows oRION.lnk
Supprimé! E:msi.lnk
Supprimé! E:Autorun.inf.lnk
Supprimé! F:MARY.lnk
Supprimé! F:.lnk
Supprimé! F:DCIM.lnk
Supprimé! F:Autorun.inf.lnk
Supprimé! C:Usersarv_000AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupgoogle.vbs_crypted.vbs
Supprimé! G:Thumbs.db
Supprimé! C:Program Files (x86)google.vbs_crypted.vbs
Supprimé! C:WindowsSystem32google.vbs_crypted.vbs
Supprimé! E:google.vbs_crypted.vbs
Supprimé! F:google.vbs_crypted.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCUSoftwareVB and VBA Program SettingsINSTALL

################## | Mountpoints2 |

Supprimé! HKCU….ExplorerMountPoints2{6bd016ff-b2f8-11e2-be91-8434977fffc4}

################## | Listing |

[03/05/2013 – 15:41:38 | SHD ] C:$Recycle.Bin
[02/05/2013 – 19:18:12 | D ] C:$SysReset
[31/07/2013 – 11:40:51 | N | 16511] C:AdwCleaner[R1].txt
[31/07/2013 – 11:41:28 | N | 16572] C:AdwCleaner[R2].txt
[31/07/2013 – 11:42:57 | N | 16184] C:AdwCleaner[S1].txt
[31/07/2013 – 11:30:39 | RASHD ] C:Autorun.inf
[04/08/2012 – 01:21:36 | SHD ] C:Boot
[26/07/2012 – 05:44:30 | RASH | 398156] C:bootmgr
[02/06/2012 – 16:30:55 | N | 1] C:BOOTNXT
[04/08/2012 – 01:21:37 | N | 8192] C:BOOTSECT.BAK
[29/07/2013 – 16:07:44 | D ] C:Config.Msi
[14/05/2013 – 10:35:50 | D ] C:Cumulus
[26/07/2012 – 09:22:08 | SHD ] C:Documents and Settings
[19/03/2013 – 10:41:37 | D ] C:Download
[01/05/2013 – 19:02:06 | D ] C:Extracted
[31/07/2013 – 14:57:42 | ASH | 6781579264] C:hiberfil.sys
[02/05/2013 – 18:16:03 | D ] C:HP
[04/08/2012 – 00:39:51 | D ] C:inetpub
[04/10/2012 – 15:11:20 | D ] C:Intel
[01/05/2013 – 18:51:55 | RHD ] C:MSOCache
[03/05/2013 – 19:58:15 | D ] C:NVIDIA
[31/07/2013 – 14:57:44 | ASH | 1275068416] C:pagefile.sys
[26/07/2012 – 09:33:46 | D ] C:PerfLogs
[05/07/2013 – 07:39:26 | D ] C:Program Files
[31/07/2013 – 16:56:27 | D ] C:Program Files (x86)
[31/07/2013 – 13:09:09 | HD ] C:ProgramData
[21/02/2013 – 17:44:27 | D ] C:sources
[31/07/2013 – 14:57:44 | ASH | 268435456] C:swapfile.sys
[27/07/2013 – 11:28:48 | D ] C:SWSetup
[30/07/2013 – 13:34:40 | SHD ] C:System Volume Information
[02/05/2013 – 18:07:02 | D ] C:SYSTEM.SAV
[04/10/2012 – 15:13:02 | D ] C:temp
[19/03/2013 – 10:41:37 | D ] C:tmpDownload
[29/03/2013 – 20:33:14 | N | 426496] C:TubeBox_Setup.exe
[31/07/2013 – 16:57:03 | D ] C:UsbFix
[31/07/2013 – 14:32:43 | N | 9924] C:UsbFix [Clean 2] RVA.txt
[31/07/2013 – 16:57:28 | A | 12049] C:UsbFix [Clean 4] RVA.txt
[31/07/2013 – 11:22:37 | N | 5545] C:UsbFix [Listing 1 ] RVA.txt
[31/07/2013 – 15:01:05 | N | 7137] C:UsbFix [Listing 2 ] RVA.txt
[31/07/2013 – 11:20:26 | N | 12778] C:UsbFix [Scan 1] RVA.txt
[31/07/2013 – 11:34:36 | N | 12769] C:UsbFix [Scan 2] RVA.txt
[02/05/2013 – 17:51:57 | D ] C:Users
[23/05/2013 – 18:22:46 | D ] C:wdisplay
[18/07/2013 – 13:11:54 | D ] C:Windows
[02/05/2013 – 23:07:04 | D ] C:Windows.old
[19/03/2013 – 10:34:18 | D ] C:YouTubeGet
[21/02/2013 – 16:51:37 | SHD ] D:$RECYCLE.BIN
[31/07/2013 – 11:30:42 | RASHD ] D:Autorun.inf
[04/10/2012 – 16:54:31 | RSHD ] D:boot
[26/07/2012 – 05:44:32 | RASH | 398156] D:bootmgr
[26/07/2012 – 06:57:10 | N | 1350896] D:bootmgr.efi
[04/10/2012 – 16:54:31 | D ] D:EFI
[04/10/2012 – 16:54:31 | D ] D:FactoryUpdate
[04/10/2012 – 16:54:31 | D ] D:hp
[03/05/2013 – 03:45:15 | RSHD ] D:preload
[01/05/2013 – 20:48:29 | RSD ] D:recovery
[03/05/2013 – 11:46:48 | N | 427] D:RMCStatus.bin
[04/10/2012 – 16:54:31 | D ] D:RM_Reserve
[02/05/2013 – 19:01:14 | SHD ] D:System Volume Information
[08/05/2013 – 00:20:00 | N | 333537280] E:episode 1.avi
[08/05/2013 – 00:25:16 | N | 326299648] E:episode 2.avi
[08/05/2013 – 00:25:16 | N | 353863680] E:episode 3.avi
[08/05/2013 – 00:23:52 | N | 731398144] E:episode 4.avi
[08/05/2013 – 00:24:52 | N | 332967936] E:episode 5.avi
[08/05/2013 – 00:23:52 | N | 335226880] E:episode 6.avi
[08/05/2013 – 00:24:36 | N | 356917248] E:episode 7.avi
[09/05/2013 – 22:48:02 | D ] E:LOST.DIR
[02/05/2013 – 21:02:44 | N | 1740] E:Antidote 8 v2.nfo
[02/05/2013 – 20:59:20 | N | 7718984] E:Installe Antidote.exe
[02/05/2013 – 21:02:44 | N | 520] E:Read me.txt
[02/05/2013 – 21:02:44 | N | 12800] E:Antidote8vx_Patcher.exe
[11/06/2013 – 09:23:30 | D ] E:windows oRION
[31/07/2013 – 11:30:44 | SHD ] E:Autorun.inf
[02/05/2013 – 20:45:24 | D ] E:msi
[09/07/2013 – 02:19:34 | N | 39321600] F:.HPIMAGE.VFS
[01/07/2013 – 04:57:18 | D ] F:DCIM
[31/07/2013 – 11:30:48 | SHD ] F:Autorun.inf
[05/05/2013 – 13:41:12 | SHD ] G:$RECYCLE.BIN
[08/01/2012 – 12:11:39 | D ] G:Angry.Birds.Seasons.v2.1.0.cracked.READ.NFO-THETA
[08/01/2012 – 13:06:15 | D ] G:ff16b8d3bee18624a680f6c5a5c4427c
[12/07/2013 – 09:12:18 | D ] G:Films Bruno
[27/08/2011 – 15:28:15 | N | 68417478] G:install_eng.exe
[05/05/2013 – 13:46:18 | D ] G:LOGICIELS PC
[05/05/2013 – 13:43:54 | D ] G:PROFESSIONNEL
[15/12/2011 – 16:41:23 | N | 1342282] G:psc1-juillet_2009.pdf
[07/07/2013 – 14:14:31 | SHD ] G:RECYCLER
[21/11/2012 – 19:36:20 | D ] G:SAUVEGARDE BB 2000
[24/02/2011 – 15:35:42 | D ] G:SEAGATE
[18/11/2012 – 17:49:38 | SHD ] G:System Volume Information
[11/02/2010 – 15:57:44 | N | 1585446912] G:Systèm2_C_11_02_20101.tib
[31/03/2011 – 15:28:31 | D ] G:WinRAR.3.93.Final.FRENCH.AiO.Corporate.Edition.WinALL-DTC

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |


[/spoiler:1hc2a6ua]
I hope this will help you solve my problem.
Thanks again for taking the time to help me. :)