Reply to: help! USB virus shortcuts disinfection 2016-09-08T13:14:33+00:00
jlavaure
Participant
Number of posts: 9

here's the report, now what?

############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: Jimmy (Administrateur) # XPS_JIMMY
Mis à jour le 03/11/2013 par El Desaparecido - Team SosVirus
Lancé à 10:52:55 | 07/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0CM76H)
CPU: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
RAM -> [Total : 8071 | Free : 5750]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 8.1 (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16384
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 465 Go (416 Go libre(s) - 89%) [] # NTFS
D: -> Disque amovible # 4 Go (2 Go libre(s) - 66%) [USB JIMMY] # FAT32

################## | Référence de comparaison MD5 |

Md5 : 01c034d0effbf218689f6f4678af63cc -> C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Md5 : DENIED -> C:\Users\Jimmy\AppData\Local\Temp\updat.vbs
Md5 : 01c034d0effbf218689f6f4678af63cc -> D:\updat.vbs

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1320 |ParentID: 688)
Stoppé! C:\WINDOWS\System32\spoolsv.exe (ID: 1520 |ParentID: 688)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1704 |ParentID: 688)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1752 |ParentID: 688)
Stoppé! C:\WINDOWS\system32\dashost.exe (ID: 1760 |ParentID: 740)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1808 |ParentID: 688)
Stoppé! C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 1848 |ParentID: 688)
Stoppé! C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 1936 |ParentID: 688)
Stoppé! C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (ID: 2016 |ParentID: 688)
Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 2028 |ParentID: 804)
Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID: 3224 |ParentID: 804)
Stoppé! C:\WINDOWS\system32\SearchIndexer.exe (ID: 3892 |ParentID: 688)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2896 |ParentID: 688)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4352 |ParentID: 688)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4492 |ParentID: 688)
Stoppé! C:\WINDOWS\system32\taskhost.exe (ID: 4396 |ParentID: 268)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID: 3208 |ParentID: 688)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\NvTray.exe (ID: 3500 |ParentID: 3628)
Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 2892 |ParentID: 688)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 4824 |ParentID: 2892)
Stoppé! C:\WINDOWS\system32\nvvsvc.exe (ID: 2724 |ParentID: 2892)
Stoppé! C:\WINDOWS\system32\DllHost.exe (ID: 3660 |ParentID: 768)
Stoppé! C:\WINDOWS\system32\taskhostex.exe (ID: 3824 |ParentID: 268)
Stoppé! c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 576 |ParentID: 268)
Stoppé! c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 2012 |ParentID: 268)
Stoppé! C:\WINDOWS\Explorer.EXE (ID: 996 |ParentID: 596)
Stoppé! C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 612 |ParentID: 768)
Stoppé! C:\Windows\System32\skydrive.exe (ID: 4848 |ParentID: 768)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 3020 |ParentID: 4824)
Stoppé! C:\Windows\System32\RuntimeBroker.exe (ID: 1116 |ParentID: 768)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ID: 4072 |ParentID: 996)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 2104 |ParentID: 996)
Stoppé! C:\WINDOWS\system32\igfxsrvc.exe (ID: 3852 |ParentID: 768)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 2236 |ParentID: 996)
Stoppé! C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (ID: 2904 |ParentID: 4072)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 3728 |ParentID: 996)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3564 |ParentID: 996)
Stoppé! C:\Windows\System32\wscript.exe (ID: 2156 |ParentID: 996)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 3904 |ParentID: 628)
Stoppé! C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 4564 |ParentID: 2480)
Stoppé! C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe (ID: 1568 |ParentID: 996)
Stoppé! C:\Windows\System32\WWAHost.exe (ID: 196 |ParentID: 768)
Stoppé! C:\WINDOWS\WinStore\WSHost.exe (ID: 2816 |ParentID: 768)
Stoppé! C:\Windows\System32\SettingSyncHost.exe (ID: 5708 |ParentID: 768)
Stoppé! C:\WINDOWS\system32\wwahost.exe (ID: 6076 |ParentID: 768)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 1548 |ParentID: 1116)
Stoppé! C:\WINDOWS\SysWOW64\ctfmon.exe (ID: 5976 |ParentID: 4564)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2128 |ParentID: 740)
Stoppé! C:\WINDOWS\system32\SearchProtocolHost.exe (ID: 6056 |ParentID: 3892)
Stoppé! C:\WINDOWS\system32\SearchFilterHost.exe (ID: 1288 |ParentID: 3892)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 4144 |ParentID: 1548)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5116 |ParentID: 4144)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 1032 |ParentID: 5116)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE | Policies\Explorer\run : [BtvStack] - "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
04 - HKU\S-1-5-21-2094778527-1246507201-1059643131-1001\SOFTWARE | Run : [SkyDrive] - "C:\Users\Jimmy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-2094778527-1246507201-1059643131-1001\SOFTWARE | Run : [updat] - wscript.exe //B "C:\Users\Jimmy\AppData\Local\Temp\updat.vbs"
04 - HKU\S-1-5-21-2094778527-1246507201-1059643131-1002\SOFTWARE | RunOnce : [WAB Migrate] - %ProgramFiles%\Windows Mail\wab.exe /Upgrade

################## | Recherche générique |

Supprimé! C:\Users\Jimmy\AppData\Local\Temp\updat.vbs
Supprimé! C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Supprimé! D:\updat.vbs
Supprimé! D:\.lnk
Supprimé! D:\SIBD.lnk
Supprimé! D:\FOUND.000.lnk
Supprimé! D:\semio.lnk
Supprimé! D:\FLORE.lnk
Supprimé! D:\livre-Lena-AD.lnk
Supprimé! D:\3-Territoires et acteurs.lnk
Supprimé! D:\.Trash-21127.lnk
Supprimé! D:\a imprimer.lnk
Supprimé! D:\.Spotlight-V100.lnk
Supprimé! D:\.TemporaryItems.lnk
Supprimé! D:\.Trash-23217.lnk
Supprimé! D:\Meilleures photos.lnk
Supprimé! D:\Archeo laurine.lnk
Supprimé! D:\CV.lnk
Supprimé! D:\Conduite_Projet.lnk
Supprimé! D:\systeme_reseau.lnk
Supprimé! D:\TD4.lnk
Supprimé! D:\System Volume Information.lnk
Supprimé! D:\TD4_Carto_Semio_M1Geom.lnk

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-2094778527-1246507201-1059643131-1001\Software\Microsoft\Windows\CurrentVersion\Run|updat

################## | Listing |

[06/11/2013 - 16:38:50 | SHD ] C:\$Recycle.Bin
[06/11/2013 - 15:34:55 | D ] C:\$Windows.~BT
[26/07/2012 - 04:44:30 | RASH | 398156] C:\bootmgr
[18/06/2013 - 13:18:29 | N | 1] C:\BOOTNXT
[13/09/2013 - 13:24:07 | D ] C:\Dell
[22/08/2013 - 15:45:52 | SHD ] C:\Documents and Settings
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini
[06/11/2013 - 17:12:32 | ASH | 6770671616] C:\hiberfil.sys
[07/11/2007 - 07:44:20 | N | 855040] C:\install.exe
[07/11/2007 - 07:00:40 | N | 843] C:\install.ini
[07/11/2007 - 07:44:20 | N | 75280] C:\install.res.1028.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.1031.dll
[07/11/2007 - 07:44:20 | N | 90128] C:\install.res.1033.dll
[07/11/2007 - 07:44:20 | N | 96272] C:\install.res.1036.dll
[07/11/2007 - 07:44:20 | N | 94224] C:\install.res.1040.dll
[07/11/2007 - 07:44:20 | N | 80400] C:\install.res.1041.dll
[07/11/2007 - 07:44:20 | N | 78864] C:\install.res.1042.dll
[07/11/2007 - 07:44:20 | N | 74768] C:\install.res.2052.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.3082.dll
[13/09/2013 - 13:24:34 | D ] C:\Intel
[06/11/2013 - 17:12:45 | ASH | 1342177280] C:\pagefile.sys
[22/08/2013 - 16:22:35 | D ] C:\PerfLogs
[06/11/2013 - 16:21:50 | D ] C:\Program Files
[06/11/2013 - 16:39:51 | D ] C:\Program Files (x86)
[06/11/2013 - 16:22:02 | HD ] C:\ProgramData
[10/10/2013 - 08:08:34 | D ] C:\Python26
[06/11/2013 - 16:10:54 | SHD ] C:\Recovery
[13/09/2013 - 22:41:37 | D ] C:\sources
[06/11/2013 - 17:12:45 | ASH | 268435456] C:\swapfile.sys
[06/11/2013 - 17:48:35 | SHD ] C:\System Volume Information
[06/11/2013 - 17:50:40 | D ] C:\temp
[07/11/2013 - 10:53:53 | D ] C:\UsbFix
[07/11/2013 - 10:53:53 | A | 10110] C:\UsbFix [Clean 2] XPS_JIMMY.txt
[07/11/2013 - 09:46:43 | N | 8559] C:\UsbFix [Scan 1] XPS_JIMMY.txt
[06/11/2013 - 16:22:02 | RD ] C:\Users
[07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 07:50:40 | N | 1927956] C:\VC_RED.cab
[07/11/2007 - 07:53:12 | N | 242176] C:\VC_RED.MSI
[06/11/2013 - 17:48:58 | D ] C:\Windows
[06/11/2013 - 16:10:28 | D ] C:\Windows.old
[08/10/2013 - 11:22:36 | D ] D:\.Trash-21127
[05/11/2013 - 11:51:24 | D ] D:\SIBD
[22/07/2013 - 22:00:16 | D ] D:\FOUND.000
[31/01/2012 - 12:30:30 | N | 4096] D:\._TDboites
[26/12/2012 - 18:25:26 | D ] D:\a imprimer
[02/06/2012 - 10:18:00 | N | 4096] D:\._tableau matelle !.pdf
[22/09/2012 - 20:17:10 | N | 4096] D:\._Cours n°1.pdf
[03/10/2013 - 15:15:42 | D ] D:\Rapports de stages M2 Geom 2012?2013
[16/10/2013 - 17:12:54 | D ] D:\semio
[01/07/2012 - 00:50:18 | D ] D:\FLORE
[03/04/2011 - 21:49:48 | SHD ] D:\.Spotlight-V100
[02/06/2012 - 10:18:10 | SHD ] D:\.TemporaryItems
[02/06/2012 - 10:18:10 | SH | 4096] D:\._.TemporaryItems
[22/10/2013 - 12:46:26 | D ] D:\.Trash-23217
[10/09/2012 - 20:38:20 | N | 111] D:\.~lock.PREHISTOIRE PROTOHISTOIRE.docx#
[29/04/2013 - 13:38:14 | N | 4096] D:\._Rédaction.docx
[24/10/2012 - 12:52:22 | D ] D:\Meilleures photos
[08/11/2012 - 15:22:14 | D ] D:\Archeo laurine
[24/10/2013 - 13:24:00 | N | 26441635] D:\livre-Lena-AD.pdf
[21/10/2013 - 20:38:12 | D ] D:\CV
[04/11/2013 - 18:32:52 | D ] D:\Conduite_Projet
[13/04/2013 - 13:13:30 | N | 4096] D:\._carte_legende_touristique_herault.pdf
[27/04/2013 - 16:16:46 | N | 4096] D:\._Cadastre_StMartin_Tournezy.pdf
[08/10/2013 - 12:04:04 | N | 39987985] D:\3-Territoires et acteurs.pptx
[22/12/2012 - 10:46:18 | N | 111] D:\.~lock.Réponses enquête L3 aménagement_ Groupe du Jeudi.xls#
[05/11/2013 - 11:50:16 | D ] D:\systeme_reseau
[06/11/2013 - 17:29:22 | D ] D:\TD4
[06/11/2013 - 17:25:00 | SHD ] D:\System Volume Information
[06/11/2013 - 17:21:08 | N | 2655924] D:\TD4_Carto_Semio_M1Geom.pdf
[31/05/2012 - 23:35:58 | N | 111] D:\.~lock.tableau matelle !.ods#

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |