Reply to: USB keys turn my folders into shortcuts 2016-09-08T13:11:47+00:00
malee69
Participant
Post count: 13

Hello, thank you for your reply!

Here is my UsbFix report:

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Amélie (Administrateur) # AMELIE
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:54:58 | 28/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0N7J7M)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 4058 | Free : 2113]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 283 Go (123 Go libre(s) – 43%) [OS] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [AMÉLIE!] # FAT32
F: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
HKLMSOFTWARE | Run : [Dell Webcam Central] – “C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe” /mode2
HKLMSOFTWARE | Run : [Desktop Disc Tool] – “C:Program Files (x86)RoxiooemRoxio BurnRoxioBurnLauncher.exe”
HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWARE | Run : [Archos Sepang ModemListener] – C:Program Files (x86)HSPA USB MODEMBackgroundServiceModemListener.exe start
HKLMSOFTWARE | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWARE | Run : [RIMBBLaunchAgent.exe] – C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [36985V~2] – “C:UsersAMLIE~1AppDataLocalTemp36985V~2.VBS”
HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
HKLMSOFTWAREwow6432Node | Run : [Dell Webcam Central] – “C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe” /mode2
HKLMSOFTWAREwow6432Node | Run : [Desktop Disc Tool] – “C:Program Files (x86)RoxiooemRoxio BurnRoxioBurnLauncher.exe”
HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWAREwow6432Node | Run : [Archos Sepang ModemListener] – C:Program Files (x86)HSPA USB MODEMBackgroundServiceModemListener.exe start
HKLMSOFTWAREwow6432Node | Run : [avgnt] – “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
HKLMSOFTWAREwow6432Node | Run : [RIMBBLaunchAgent.exe] – C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [36985V~2] – “C:UsersAMLIE~1AppDataLocalTemp36985V~2.VBS”
HKLMSOFTWARE | RunOnce : [“C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe”] – “C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [“C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe”] – “C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe”
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-1745398308-758821063-452343381-1000SOFTWARE | Run : [Google Update] – “C:UsersAmélieAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
HKUS-1-5-21-1745398308-758821063-452343381-1000SOFTWARE | Run : [ISUSPM] – “C:Program Files (x86)Common FilesInstallShieldUpdateServiceISUSPM.exe” -scheduler
HKUS-1-5-21-1745398308-758821063-452343381-1000SOFTWARE | Run : [Facebook Update] – “C:UsersAmélieAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-21-1745398308-758821063-452343381-1000SOFTWARE | Run : [cacaoweb] – “C:UsersAmélieAppDataRoamingcacaowebcacaoweb.exe” -noplayer
HKUS-1-5-21-1745398308-758821063-452343381-1000SOFTWARE | Run : [36985V~2] – “C:UsersAMLIE~1AppDataLocalTemp36985V~2.VBS”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

################## | Processus Stoppés |

Stoppé! C:Program FilesDellDellDockDockLogin.exe (ID 332 |ParentID 544)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1256 |ParentID 544)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID 1292 |ParentID 544)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 1408 |ParentID 544)
Stoppé! C:Program FilesRealtekAudioHDAAERTSr64.exe (ID 1432 |ParentID 544)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID 1468 |ParentID 544)
Stoppé! C:Program Files (x86)HSPA USB MODEMBackgroundServiceServiceManager.exe (ID 1496 |ParentID 544)
Stoppé! C:Program Files (x86)Dell DataSafe Local Backupsftservice.EXE (ID 1640 |ParentID 544)
Stoppé! C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe (ID 1680 |ParentID 544)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 1904 |ParentID 544)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 1068 |ParentID 1904)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID 2344 |ParentID 1468)
Stoppé! C:Windowssystem32taskhost.exe (ID 2148 |ParentID 544)
Stoppé! C:Program Files (x86)Dell DataSafe Local BackupCOMPONENTSSCHEDULERSTSERVICE.EXE (ID 1184 |ParentID 1640)
Stoppé! C:WindowsExplorer.EXE (ID 2084 |ParentID 1816)
Stoppé! C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpd.exe (ID 1796 |ParentID 1812)
Stoppé! C:Program Files (x86)Dell DataSafe Local BackupToaster.exe (ID 2528 |ParentID 2824)
Stoppé! C:WindowsSystem32igfxtray.exe (ID 3076 |ParentID 2084)
Stoppé! C:WindowsSystem32hkcmd.exe (ID 3084 |ParentID 2084)
Stoppé! C:WindowsSystem32igfxpers.exe (ID 3092 |ParentID 2084)
Stoppé! C:Program FilesDellQuickSetquickset.exe (ID 3112 |ParentID 2084)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 3144 |ParentID 2084)
Stoppé! C:Program FilesDellTPadApoint.exe (ID 3152 |ParentID 2084)
Stoppé! C:Program FilesMicrosoft IntelliPointipoint.exe (ID 3176 |ParentID 2084)
Stoppé! C:Windowssystem32igfxsrvc.exe (ID 3188 |ParentID 672)
Stoppé! C:UsersAmélieAppDataRoamingcacaowebcacaoweb.exe (ID 3468 |ParentID 2084)
Stoppé! C:WindowsSystem32WScript.exe (ID 3728 |ParentID 2084)
Stoppé! C:Program FilesDellTPadApMsgFwd.exe (ID 3832 |ParentID 3152)
Stoppé! C:Program FilesDellTPadHidFind.exe (ID 3928 |ParentID 3152)
Stoppé! C:Program FilesDellTPadApntex.exe (ID 3952 |ParentID 3908)
Stoppé! C:Windowssystem32conhost.exe (ID 3968 |ParentID 496)
Stoppé! C:UsersAmélieAppDataRoamingDropboxbinDropbox.exe (ID 4004 |ParentID 2084)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 4012 |ParentID 544)
Stoppé! C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID 4040 |ParentID 3756)
Stoppé! C:Program Files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe (ID 4092 |ParentID 3756)
Stoppé! C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe (ID 2680 |ParentID 3756)
Stoppé! C:Program Files (x86)HSPA USB MODEMBackgroundServiceModemListener.exe (ID 3368 |ParentID 3756)
Stoppé! C:Program Files (x86)AviraAntiVir Desktopavgnt.exe (ID 3364 |ParentID 3756)
Stoppé! C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe (ID 3340 |ParentID 3756)
Stoppé! C:Program Files (x86)Common FilesResearch In MotionUSB DriversBbDevMgr.exe (ID 1168 |ParentID 544)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 4164 |ParentID 544)
Stoppé! C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID 4288 |ParentID 544)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 2456 |ParentID 888)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 3216 |ParentID 2084)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 3764 |ParentID 3216)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 2460 |ParentID 3216)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 1960 |ParentID 3216)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 1668 |ParentID 3216)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 5468 |ParentID 3216)
Stoppé! C:Windowssystem32taskeng.exe (ID 6116 |ParentID 964)
Stoppé! C:UsersAmélieAppDataLocalGoogleChromeApplicationchrome.exe (ID 4188 |ParentID 3216)

################## | Éléments infectieux |

Supprimé! E:36985V~2.VBS
Supprimé! F:36985V~2.VBS
Supprimé! C:UsersAMLIE~1AppDataLocalTemp36985V~2.VBS
Supprimé! C:UsersAmélieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup36985V~2.VBS
Supprimé! E:Avicii—Wake-Me-Up–Official-Music-Video-HD–ft–Aloe-Blacc.lnk
Supprimé! E:Debrouya__Ba_zot__Prod_by_Dj_Wide.lnk
Supprimé! F:Monia’s pict.lnk
Supprimé! F:st Peter’s pool.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-1745398308-758821063-452343381-1000SoftwareMicrosoftWindowsCurrentVersionRun|36985V~2
Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|36985V~2
Supprimé! HKCU….ExplorerMountPoints2{87880d2b-aede-11e1-9375-f223bc9b6f58}

################## | Listing |

[24/04/2013 – 21:37:26 | SHD ] C:$Recycle.Bin
[28/10/2011 – 11:29:59 | D ] C:Boonty
[28/04/2009 – 17:27:08 | SHD ] C:Boot
[14/07/2009 – 02:38:58 | RASH | 383562] C:bootmgr
[28/04/2009 – 17:27:09 | RASH | 8192] C:BOOTSECT.BAK
[14/04/2011 – 21:36:19 | D ] C:Dell
[10/01/2011 – 22:21:20 | N | 3028] C:dell.sdr
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[14/02/2013 – 16:29:05 | D ] C:found.000
[01/07/2011 – 13:48:55 | D ] C:Games
[28/10/2013 – 09:12:29 | ASH | 3191623680] C:hiberfil.sys
[10/01/2011 – 21:48:05 | D ] C:Intel
[11/09/2011 – 14:01:48 | RHD ] C:MSOCache
[28/10/2013 – 09:13:41 | ASH | 4255502336] C:pagefile.sys
[14/07/2009 – 04:20:08 | D ] C:PerfLogs
[27/05/2013 – 22:44:38 | D ] C:Program Files
[20/10/2013 – 14:31:26 | D ] C:Program Files (x86)
[27/05/2013 – 22:39:35 | HD ] C:ProgramData
[15/04/2011 – 09:55:51 | SHD ] C:System Recovery
[28/10/2013 – 10:41:28 | SHD ] C:System Volume Information
[08/10/2012 – 10:45:01 | D ] C:Temp
[28/10/2013 – 13:03:15 | D ] C:UsbFix
[28/10/2013 – 13:06:44 | A | 11528] C:UsbFix [Clean 1] AMELIE.txt
[28/10/2013 – 01:02:38 | N | 6986] C:UsbFix [Listing 1 ] AMELIE.txt
[28/10/2013 – 01:16:35 | N | 13974] C:UsbFix [Scan 3] AMELIE.txt
[06/05/2012 – 23:29:13 | N | 1490] C:user.js
[24/04/2013 – 21:37:18 | RD ] C:Users
[27/05/2013 – 22:43:42 | D ] C:wamp
[17/09/2013 – 15:10:19 | D ] C:Windows
[15/07/2013 – 20:19:36 | N | 8079183] E:Avicii—Wake-Me-Up–Official-Music-Video-HD–ft–Aloe-Blacc.mp3
[31/03/2013 – 01:30:42 | N | 7331113] E:Debrouya__Ba_zot__Prod_by_Dj_Wide.mp3
[26/10/2013 – 22:23:04 | D ] F:st Peter’s pool
[26/10/2013 – 23:17:10 | D ] F:Monia’s pict

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |