Reply to: UsbFix report 2016-09-08T13:10:20+00:00
Amandine
Number of posts: 0

Here is the new UsbFix report (clean).
I agree to check whether there are other infections.

Amandine.

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: User (Administrateur) # USER-PC
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 17:10:00 | 20/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K54C)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 4000 | Free : 1932]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 186 Go (108 Go libre(s) – 58%) [OS] # NTFS
D: -> Disque fixe # 254 Go (210 Go libre(s) – 82%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 958 Mo (932 Mo libre(s) – 97%) [] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
HKLMSOFTWARE | Run : [SonicMasterTray] – C:Program Files (x86)ASUSSonic FocusSonicFocusTray.exe
HKLMSOFTWARE | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
HKLMSOFTWARE | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
HKLMSOFTWARE | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
HKLMSOFTWARE | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [Nuance PDF Reader-reminder] – “C:Program Files (x86)NuancePDF ReaderEregEreg.exe” -r “C:ProgramDataNuancePDF ReaderEregEreg.ini”
HKLMSOFTWAREwow6432Node | Run : [ASUSWebStorage] – C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
HKLMSOFTWAREwow6432Node | Run : [SonicMasterTray] – C:Program Files (x86)ASUSSonic FocusSonicFocusTray.exe
HKLMSOFTWAREwow6432Node | Run : [ATKOSD2] – C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
HKLMSOFTWAREwow6432Node | Run : [ATKMEDIA] – C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
HKLMSOFTWAREwow6432Node | Run : [HControlUser] – C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
HKLMSOFTWAREwow6432Node | Run : [Wireless Console 3] – C:Program Files (x86)ASUSWireless Console 3wcourier.exe
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-1747940908-1875828394-673419322-1000SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
HKUS-1-5-21-1747940908-1875828394-673419322-1000SOFTWARE | Run : [OfficeSyncProcess] – “C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.EXE”
HKUS-1-5-21-1747940908-1875828394-673419322-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
HKUS-1-5-21-1747940908-1875828394-673419322-1000SOFTWARE | Run : [dxrpdiag] – wscript.exe //B “C:UsersUserAppDataLocalTempdxrpdiag.vbs”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Program FilesBitdefenderBitdefender 2012vsserv.exe (ID 968 |ParentID 728)
Stoppé! C:Windowssystem32FBAgent.exe (ID 1632 |ParentID 728)
Stoppé! C:Windowssystem32WLANExt.exe (ID 1640 |ParentID 1236)
Stoppé! C:Windowssystem32conhost.exe (ID 1648 |ParentID 600)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID 1704 |ParentID 728)
Stoppé! C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID 1764 |ParentID 728)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1896 |ParentID 728)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 1964 |ParentID 728)
Stoppé! C:Windowssystem32taskhost.exe (ID 2196 |ParentID 728)
Stoppé! C:Program FilesBitdefenderBitdefender 2012bdagent.exe (ID 2228 |ParentID 2212)
Stoppé! C:WindowsExplorer.EXE (ID 2360 |ParentID 2272)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 2564 |ParentID 728)
Stoppé! C:Windowssystem32taskeng.exe (ID 2572 |ParentID 1296)
Stoppé! C:Windowssystem32taskeng.exe (ID 2620 |ParentID 1296)
Stoppé! C:Program Files (x86)ASUSSplendidACMON.exe (ID 2628 |ParentID 2572)
Stoppé! C:Program Files (x86)ASUSFaceLogonsensorsrv.exe (ID 2644 |ParentID 2572)
Stoppé! C:Program FilesASUSP4GBatteryLife.exe (ID 2700 |ParentID 2572)
Stoppé! C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID 2712 |ParentID 2620)
Stoppé! C:WindowsSysWOW64ACEngSvr.exe (ID 2844 |ParentID 912)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID 2872 |ParentID 1704)
Stoppé! C:WindowsSystem32igfxtray.exe (ID 2944 |ParentID 2360)
Stoppé! C:Program Files (x86)ASUSInstantOn for NBInsOnSrv.exe (ID 2968 |ParentID 728)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID 3016 |ParentID 728)
Stoppé! C:Program Files (x86)PDF ArchitectHelperService.exe (ID 2080 |ParentID 728)
Stoppé! C:WindowsSystem32hkcmd.exe (ID 116 |ParentID 2360)
Stoppé! C:WindowsSystem32igfxpers.exe (ID 2680 |ParentID 2360)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 2140 |ParentID 2360)
Stoppé! C:Program Files (x86)PDF ArchitectConversionService.exe (ID 2128 |ParentID 728)
Stoppé! C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe (ID 3088 |ParentID 2360)
Stoppé! C:Program FilesRealtekAudioHDARAVBg64.exe (ID 3228 |ParentID 2360)
Stoppé! C:Program Files (x86)SkypePhoneSkype.exe (ID 3304 |ParentID 2360)
Stoppé! C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.EXE (ID 3332 |ParentID 2360)
Stoppé! C:Program FilesWindows Sidebarsidebar.exe (ID 3364 |ParentID 2360)
Stoppé! C:WindowsSystem32wscript.exe (ID 3392 |ParentID 2360)
Stoppé! C:Program FilesBitdefenderBitdefender 2012updatesrv.exe (ID 3648 |ParentID 728)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3712 |ParentID 728)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 3940 |ParentID 3712)
Stoppé! C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.EXE (ID 3580 |ParentID 2360)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 4240 |ParentID 728)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (ID 4456 |ParentID 2140)
Stoppé! C:WindowsAsScrPro.exe (ID 4592 |ParentID 1632)
Stoppé! C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (ID 4720 |ParentID 1632)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 4884 |ParentID 1632)
Stoppé! C:Program Files (x86)ASUSSonic FocusSonicFocusTray.exe (ID 5096 |ParentID 3400)
Stoppé! C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID 3468 |ParentID 3400)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe (ID 4104 |ParentID 3400)
Stoppé! C:Program Files (x86)ASUSWireless Console 3wcourier.exe (ID 3108 |ParentID 3400)
Stoppé! C:Program Files (x86)iTunesiTunesHelper.exe (ID 3800 |ParentID 3400)
Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 3772 |ParentID 3400)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 2020 |ParentID 728)
Stoppé! C:Program FilesiPodbiniPodService.exe (ID 5396 |ParentID 728)
Stoppé! C:Program Files (x86)ASUSInstantOn for NBInsOnWMI.exe (ID 5736 |ParentID 2968)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe (ID 5964 |ParentID 2872)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID 5516 |ParentID 2872)
Stoppé! C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe (ID 5212 |ParentID 2872)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 6876 |ParentID 728)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 2608 |ParentID 728)
Stoppé! C:Windowssystem32DllHost.exe (ID 1424 |ParentID 912)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 7004 |ParentID 1236)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 6984 |ParentID 3132)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 3756 |ParentID 6984)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 4968 |ParentID 6984)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (ID 5024 |ParentID 6984)

################## | Éléments infectieux |

Supprimé! F:dxrpdiag.vbs
Supprimé! C:UsersUserAppDataLocalTempdxrpdiag.vbs
Supprimé! C:UsersUserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupdxrpdiag.vbs
Supprimé! F:Autre.lnk
Supprimé! F:Hygiène.lnk
Supprimé! F:Chimie générale.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-1747940908-1875828394-673419322-1000SoftwareMicrosoftWindowsCurrentVersionRun|dxrpdiag

################## | Listing |

[23/09/2013 – 22:49:14 | SHD ] C:$Recycle.Bin
[20/10/2013 – 15:07:30 | D ] C:ASUS.DAT
[11/10/2011 – 13:18:45 | N | 44] C:ASUS.md5
[19/10/2011 – 06:34:37 | D ] C:AsusVibeData
[19/10/2013 – 23:04:41 | N | 418061] C:bdlog.txt
[29/07/2009 – 08:03:34 | SHD ] C:Boot
[14/07/2009 – 03:38:58 | RASH | 383562] C:bootmgr
[29/07/2009 – 08:03:37 | RASH | 8192] C:BOOTSECT.BAK
[23/03/2012 – 19:54:24 | N | 13386] C:devlist.txt
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[23/03/2012 – 19:41:34 | D ] C:eSupport
[23/03/2012 – 19:54:24 | N | 9] C:Finish.log
[20/10/2013 – 15:06:25 | ASH | 3145826304] C:hiberfil.sys
[23/03/2012 – 19:35:46 | D ] C:Intel
[03/11/2011 – 04:16:26 | N | 2621440] C:K54C.BIN
[21/12/2011 – 09:50:59 | N | 19] C:K54C_WIN7.30
[31/08/2012 – 14:26:11 | RHD ] C:MSOCache
[23/05/2013 – 14:26:04 | D ] C:narbonne été 2012
[20/10/2013 – 15:06:31 | ASH | 4194435072] C:pagefile.sys
[23/03/2012 – 20:55:46 | N | 303] C:Pass.txt
[14/07/2009 – 05:20:08 | D ] C:PerfLogs
[27/08/2013 – 23:14:10 | D ] C:Program Files
[12/10/2013 – 15:48:14 | D ] C:Program Files (x86)
[27/08/2013 – 23:14:09 | HD ] C:ProgramData
[31/08/2012 – 11:13:44 | SHD ] C:Recovery
[21/12/2011 – 09:50:59 | N | 6] C:RECOVERY.DAT
[23/03/2012 – 19:40:14 | N | 2532] C:RHDSetup.log
[30/08/2011 – 07:00:22 | N | 1083] C:setup.iss
[11/10/2013 – 17:00:19 | SHD ] C:System Volume Information
[20/10/2013 – 17:10:49 | D ] C:UsbFix
[20/10/2013 – 17:12:04 | A | 12349] C:UsbFix [Clean 1] USER-PC.txt
[20/10/2013 – 16:54:14 | N | 12210] C:UsbFix [Scan 2] USER-PC.txt
[31/08/2012 – 11:15:41 | RD ] C:Users
[27/08/2013 – 21:14:19 | D ] C:Windows
[31/08/2012 – 11:16:26 | SHD ] D:$RECYCLE.BIN
[11/09/2013 – 18:10:39 | D ] D:2013-07-14
[20/10/2013 – 16:11:56 | D ] D:Amandine
[11/09/2013 – 18:12:07 | D ] D:Amsterdam ludo
[15/10/2013 – 15:32:04 | N | 36125224] D:Anat.pdf
[15/10/2013 – 15:58:14 | N | 7070529] D:Bio.pdf
[18/09/2013 – 22:16:17 | D ] D:Camp baladin 2013 Jalhay
[13/09/2013 – 09:16:21 | D ] D:Copie clé bis
[17/03/2013 – 12:32:59 | D ] D:Copie Clé usb
[18/09/2013 – 22:21:35 | D ] D:Copie clé usb verte
[16/09/2013 – 21:51:25 | N | 13373] D:escalade voile stage réponse.docx
[27/08/2013 – 20:29:33 | D ] D:Firefox
[11/09/2013 – 18:06:50 | D ] D:Francofolies 2013
[22/09/2013 – 21:42:25 | D ] D:Haute Ecole Charemagne
[21/09/2013 – 15:14:28 | D ] D:Hollande 2013
[06/09/2013 – 14:14:26 | D ] D:Horaires de bus
[18/09/2013 – 22:16:24 | D ] D:Impression recto_verso couleur
[29/09/2013 – 16:46:45 | N | 13190] D:message Alice.docx
[18/09/2013 – 17:58:33 | D ] D:Porte ouverte Bras-sur-Lienne Hélicopthère
[01/09/2012 – 02:16:27 | SHD ] D:System Volume Information
[26/09/2013 – 07:51:20 | N | 194215] D:tableau_descriptif_alter_ang_sept.pdf
[11/09/2013 – 18:04:23 | D ] D:ULg
[29/09/2013 – 16:11:39 | D ] D:Wallangue
[01/06/2013 – 12:41:01 | N | 162] D:~$sum__Bio-2.doc
[18/09/2013 – 22:25:22 | D ] F:Autre
[08/10/2013 – 14:57:50 | D ] F:Chimie générale
[08/10/2013 – 14:58:42 | D ] F:Hygiène

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |