Reply to: folders turned into shortcuts on USB key 2016-09-08T13:27:15+00:00
Telma
Post count: 0

Here is my USBfix report:

############################## | UsbFix V 7.156 | [Recherche]

Utilisateur: Marie-Estelle (Administrateur) # PC-MARIE-ESTELL
Mis à jour le 27/12/2013 par El Desaparecido – Team SosVirus
Lancé à 20:28:47 | 29/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (30FD)
CPU: AMD Athlon(tm) X2 Dual-Core QL-62
RAM -> [Total : 3069 | Free : 1114]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0
WB: Safari : 531.22.7

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 224 Go (57 Go libre(s) – 25%) [] # NTFS
D: -> Disque fixe # 9 Go (2 Go libre(s) – 18%) [HP_RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 1010 Mo (1008 Mo libre(s) – 100%) [] # FAT
G: -> Disque amovible # 64 Mo (64 Mo libre(s) – 100%) [] # FAT

################## | Processus Actif |


################## | Regedit Run |

04 – HKLM\SOFTWARE | Run : [SynTPEnh] – %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM\SOFTWARE | Run : [QPService] – "C:\Program Files\HP\QuickPlay\QPService.exe"
04 – HKLM\SOFTWARE | Run : [Windows Defender] – %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 – HKLM\SOFTWARE | Run : [QlbCtrl.exe] – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 – HKLM\SOFTWARE | Run : [OnScreenDisplay] – C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
04 – HKLM\SOFTWARE | Run : [hpWirelessAssistant] – C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 – HKLM\SOFTWARE | Run : [AppleSyncNotifier] – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 – HKLM\SOFTWARE | Run : [HP Health Check Scheduler] – c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 – HKLM\SOFTWARE | Run : [HP Software Update] – C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 – HKLM\SOFTWARE | Run : [RIMBBLaunchAgent.exe] – C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
04 – HKLM\SOFTWARE | Run : [APSDaemon] – "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\SOFTWARE | Run : [KiesTrayAgent] – C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 – HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 – HKLM\SOFTWARE | Run : [BCSSync] – "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\SOFTWARE | Run : [SysTrayApp] – C:\Program Files\IDT\WDM\sttray.exe
04 – HKLM\SOFTWARE | RunOnce : [] –
04 – HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [Sidebar] – C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [LightScribe Control Panel] – C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [ehTray.exe] – C:\Windows\ehome\ehTray.exe
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [OfferBox] – C:\Program Files\OfferBox\OfferBox.exe
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [KiesPreload] – C:\Program Files\Samsung\Kies\Kies.exe /preload
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [KiesAirMessage] – C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [] – C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [WMPNSCFG] – C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [swg] – "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 – HKU\S-1-5-21-1917961054-784476770-3265431197-1000\SOFTWARE | Run : [Mozilla] – wscript.exe //B "C:\Users\Marie-Estelle\AppData\Roaming\Mozilla.vbs"

################## | Recherche générique |

Présent! C:\Users\Marie-Estelle\AppData\Roaming\Mozilla.vbs
Présent! C:\Users\Marie-Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
Présent! C:\Users\MARIE-~1\AppData\Local\Temp\avgnt.exe
Présent! G:\Mozilla.vbs
Présent! F:\FOUND.000.lnk

################## | Référence de comparaison MD5 |

Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:\Users\Marie-Estelle\AppData\Roaming\Mozilla.vbs
Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:\Users\Marie-Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
Md5 : 959D7A16B9EA04C5356088803C9805FA -> G:\Mozilla.vbs

################## | Comparaison MD5 |

Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:\Users\Marie-Estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> C:\Users\Marie-Estelle\AppData\Roaming\Mozilla.vbs
Présent! Md5 : 959D7A16B9EA04C5356088803C9805FA -> G:\Mozilla.vbs

################## | Registre |

Présent! HKU\S-1-5-21-1917961054-784476770-3265431197-1000\Software\Microsoft\Windows\CurrentVersion\Run|Mozilla
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Mozilla
Présent! HKU\S-1-5-21-1917961054-784476770-3265431197-1000\Software\Microsoft\Windows\CurrentVersion\Run|Mozilla
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Mozilla

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

Thank you in advance for your help