Reply to: Files turned into shortcuts on removable drives 2016-09-08T13:24:10+00:00
zetransporteur
Participant
Post count: 14

Thanks for your advice about TuneUp; I am going to switch to CCleaner, following the forum's protection advice. So here is the UsbFix report.

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Young G (Administrateur) # PC-DE-YOUNGG
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 22:57:15 | 09/12/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: TOSHIBA (KTKAA)
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
RAM -> [Total : 3037 | Free : 1103]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16736

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 149 Go (70 Go libre(s) - 47%) [Vista] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 147 Go (65 Go libre(s) - 44%) [Data] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 7 Go (12 Mo libre(s) - 0%) [] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\SOFTWARE | Run : [Camera Assistant Software] - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE | Run : [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
HKLM\SOFTWARE | Run : [Toshiba TEMPO] - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [Bdagent] - "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [ShowBatteryBar] - "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [DAEMON Tools Pro Agent] - "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Spotify Web Helper] - "C:\Users\Young G\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Steam] - "C:\Program Files\Steam\steam.exe" -silent
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Young G\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Viber] - "C:\Users\Young G\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [aljazeera-sport 2 hd] - wscript.exe //B "C:\Users\YOUNGG~1\AppData\Local\Temp\aljazeera-sport 2 hd.vbs"
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Bitdefender Wallet Agent] - "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\SOFTWARE | Run : [Bitdefender Agent de l'application Wallet] - "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet Agent] - "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Wallet] - "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\SOFTWARE | Run : [Bitdefender Agent de l'application Wallet] - "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (ID 896 |ParentID 680)
Stoppé! C:\Windows\system32\atiesrxx.exe (ID 1180 |ParentID 680)
Stoppé! C:\Windows\system32\atieclxx.exe (ID 1620 |ParentID 1180)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1860 |ParentID 680)
Stoppé! C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (ID 1976 |ParentID 680)
Stoppé! C:\Windows\system32\taskhost.exe (ID 300 |ParentID 680)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 1556 |ParentID 680)
Stoppé! C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (ID 2168 |ParentID 680)
Stoppé! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2492 |ParentID 680)
Stoppé! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 2544 |ParentID 680)
Stoppé! C:\Program Files\Apoint2K\Apoint.exe (ID 2688 |ParentID 2160)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID 2716 |ParentID 2160)
Stoppé! C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 2936 |ParentID 680)
Stoppé! C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (ID 3048 |ParentID 680)
Stoppé! C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (ID 3112 |ParentID 680)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3196 |ParentID 680)
Stoppé! C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (ID 3300 |ParentID 2160)
Stoppé! C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (ID 3440 |ParentID 2160)
Stoppé! C:\Program Files\Steam\Steam.exe (ID 3604 |ParentID 2160)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3656 |ParentID 3196)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3708 |ParentID 680)
Stoppé! C:\Program Files\Apoint2K\ApMsgFwd.exe (ID 3548 |ParentID 2688)
Stoppé! C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (ID 3816 |ParentID 3048)
Stoppé! C:\Windows\System32\wscript.exe (ID 3736 |ParentID 2160)
Stoppé! C:\Program Files\Internet Download Manager\IDMan.exe (ID 2836 |ParentID 2160)
Stoppé! C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (ID 2620 |ParentID 2160)
Stoppé! C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (ID 4116 |ParentID 2160)
Stoppé! C:\Users\Young G\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID 4160 |ParentID 2160)
Stoppé! C:\Program Files\Apoint2K\Apntex.exe (ID 4208 |ParentID 2740)
Stoppé! C:\Windows\system32\conhost.exe (ID 4260 |ParentID 628)
Stoppé! C:\Program Files\Internet Download Manager\IEMonitor.exe (ID 4804 |ParentID 2836)
Stoppé! C:\Program Files\Common Files\Steam\SteamService.exe (ID 4376 |ParentID 680)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (ID 5304 |ParentID 2160)
Stoppé! C:\Program Files\Windows Media Player\wmplayer.exe (ID 4448 |ParentID 836)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 4188 |ParentID 5156)
Stoppé! C:\Program Files\Skype\Phone\Skype.exe (ID 3840 |ParentID 2160)
Stoppé! C:\Users\Young G\AppData\Local\Viber\Viber.exe (ID 5868 |ParentID 2160)
Stoppé! C:\Program Files\Twitter\TweetDeck\TweetDeck.exe (ID 4976 |ParentID 2160)
Stoppé! C:\Program Files\Twitter\TweetDeck\TweetDeck.exe (ID 5984 |ParentID 4976)
Stoppé! C:\Program Files\Twitter\TweetDeck\TweetDeck.exe (ID 956 |ParentID 4976)
Stoppé! C:\Program Files\Bitdefender\Bitdefender\seccenter.exe (ID 2224 |ParentID 3440)

################## | Éléments infectieux |

Non supprimé ! C:\Users\YOUNGG~1\AppData\Local\Temp\aljazeera-sport 2 hd.vbs
Supprimé! C:\Users\Young G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aljazeera-sport 2 hd.vbs
Non supprimé ! G:\DCIM.lnk
Non supprimé ! G:\MISC.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3032804369-3938535538-1029922377-1000\Software\Microsoft\Windows\CurrentVersion\Run|aljazeera-sport 2 hd

################## | Listing |

[19/12/2011 - 01:33:31 | D ] C:\$INPLACE.~TR
[14/04/2012 - 11:12:17 | SHD ] C:\$RECYCLE.BIN
[19/12/2011 - 02:17:00 | D ] C:\$WINDOWS.~Q
[26/05/2013 - 05:17:17 | D ] C:\.cache
[22/11/2011 - 16:35:19 | D ] C:\3d51ae3249afade494e835e0408b
[08/12/2013 - 05:01:53 | D ] C:\AdwCleaner
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[08/12/2013 - 20:57:29 | N | 1699] C:\bdlog.txt
[15/08/2012 - 15:28:10 | N | 2294848] C:\bdr-bz01
[08/12/2013 - 07:58:51 | N | 308] C:\bdr-cf01
[25/06/2013 - 18:20:38 | N | 36579345] C:\bdr-im01.gz
[08/12/2013 - 07:58:51 | N | 253404] C:\bdr-ld01
[08/12/2013 - 07:58:51 | N | 9216] C:\bdr-ld01.mbr
[19/12/2011 - 05:21:31 | SHD ] C:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[19/12/2011 - 01:46:58 | RASH | 8192] C:\BOOTSECT.BAK
[08/12/2013 - 07:39:26 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/12/2013 - 07:12:02 | D ] C:\FM Genie Scout 13
[04/12/2013 - 19:18:22 | D ] C:\FM Genie Scout 14
[03/08/2012 - 17:08:01 | N | 13761] C:\formatter.log
[05/11/2013 - 15:15:05 | D ] C:\Fraps
[17/01/2012 - 10:45:44 | | 467042] C:\HBNPY
[08/12/2013 - 20:58:23 | ASH | 2388307968] C:\hiberfil.sys
[22/06/2012 - 23:30:17 | N | 30391] C:\install.log
[19/11/2008 - 13:43:25 | D ] C:\Intel
[08/12/2013 - 20:58:26 | ASH | 3184410624] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/12/2013 - 05:29:53 | N | 512] C:\PhysicalDisk0_MBR.bin
[08/12/2013 - 20:58:21 | D ] C:\Program Files
[08/12/2013 - 20:17:29 | HD ] C:\ProgramData
[19/12/2011 - 02:29:39 | SHD ] C:\Recovery
[19/11/2008 - 14:51:21 | N | 70] C:\SWSTAMP.TXT
[08/12/2013 - 07:38:06 | SHD ] C:\System Volume Information
[28/08/2012 - 02:21:19 | D ] C:\Temp
[22/11/2011 - 14:51:00 | D ] C:\Toshiba
[09/12/2013 - 23:04:05 | D ] C:\UsbFix
[09/12/2013 - 23:05:57 | A | 11531] C:\UsbFix [Clean 1] PC-DE-YOUNGG.txt
[11/04/2012 - 03:48:41 | N | 59] C:\user.js
[17/10/2013 - 10:42:51 | RD ] C:\Users
[08/12/2013 - 07:58:02 | D ] C:\Windows
[19/11/2008 - 14:31:38 | D ] C:\Works
[03/03/2012 - 23:21:09 | D ] E:\$AVG
[22/11/2011 - 14:50:35 | SHD ] E:\$RECYCLE.BIN
[28/04/2012 - 15:32:43 | D ] E:\Downloads
[09/12/2013 - 22:32:41 | D ] E:\FATHER MC - Sex Is Law (1993)
[22/11/2011 - 23:01:00 | D ] E:\HDDRecovery
[09/12/2013 - 22:34:05 | D ] E:\Italie
[09/12/2013 - 22:34:13 | D ] E:\Kem - Album II (2005)
[22/11/2011 - 14:31:31 | SHD ] E:\System Volume Information
[09/12/2013 - 22:32:35 | D ] E:\Vacances Cameroun
[29/06/2013 - 12:23:00 | SHD ] G:\DCIM
[29/06/2013 - 12:23:00 | SHD ] G:\MISC
[09/12/2013 - 17:54:08 | D ] G:\AD_LUMIX
[05/10/2013 - 17:35:22 | A | 766] G:\DCIM.lnk
[05/10/2013 - 17:35:24 | A | 766] G:\MISC.lnk

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |