Reply to: USB files replaced by shortcuts (2016-09-12T13:42:38+00:00)
FRED P92
Participant
Number of posts: 4

Re,
Here is the new report after removal with UsbFix.
Is that positive?
Thanks

############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Meurine’s (Administrateur) # NINIPINSON
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 21:20:17 | 13/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK COMPUTER INC. (X55VDR)
CPU: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
RAM -> [Total : 6028 Mo| Free : 4855 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 34.0.1847.116

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
AV: Windows Defender [(!) Disabled | Updated]
AS: Avira Desktop [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 279 Go (73 Go libre(s) – 26%) [OS] # NTFS
D: -> Disque fixe # 398 Go (398 Go libre(s) – 100%) [DATA] # NTFS
E: -> CD-ROM
H: -> Disque amovible # 982 Mo (943 Mo libre(s) – 96%) [] # FAT

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 444 |ParentID: 436)
C:Windowssystem32wininit.exe (ID: 508 |ParentID: 436)
C:Windowssystem32csrss.exe (ID: 528 |ParentID: 520)
C:Windowssystem32winlogon.exe (ID: 580 |ParentID: 520)
C:Windowssystem32services.exe (ID: 620 |ParentID: 508)
C:Windowssystem32lsass.exe (ID: 628 |ParentID: 508)
C:Windowssystem32svchost.exe (ID: 744 |ParentID: 620)
C:Windowssystem32nvvsvc.exe (ID: 796 |ParentID: 620)
C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (ID: 820 |ParentID: 620)
C:Windowssystem32svchost.exe (ID: 852 |ParentID: 620)
C:WindowsSystem32svchost.exe (ID: 912 |ParentID: 620)
C:Windowssystem32dwm.exe (ID: 960 |ParentID: 580)
C:Windowssystem32svchost.exe (ID: 972 |ParentID: 620)
C:Windowssystem32svchost.exe (ID: 1000 |ParentID: 620)
C:WindowsSystem32svchost.exe (ID: 532 |ParentID: 620)
C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID: 324 |ParentID: 796)
C:Windowssystem32nvvsvc.exe (ID: 1028 |ParentID: 796)
C:Windowssystem32svchost.exe (ID: 1116 |ParentID: 620)
C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe (ID: 1240 |ParentID: 620)
C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe (ID: 1280 |ParentID: 620)
C:WindowsSystem32spoolsv.exe (ID: 1376 |ParentID: 620)
C:Program Files (x86)AviraAntiVir Desktopsched.exe (ID: 1492 |ParentID: 620)
C:Windowssystem32svchost.exe (ID: 1544 |ParentID: 620)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1800 |ParentID: 620)
C:Program Files (x86)AviraAntiVir Desktopavguard.exe (ID: 1832 |ParentID: 620)
C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe (ID: 1856 |ParentID: 620)
C:Windowssystem32dashost.exe (ID: 1928 |ParentID: 532)
C:Program FilesInteliCLS ClientHeciServer.exe (ID: 1944 |ParentID: 620)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe (ID: 1992 |ParentID: 620)
C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe (ID: 2028 |ParentID: 620)
C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe (ID: 1488 |ParentID: 620)
C:Windowssystem32svchost.exe (ID: 1912 |ParentID: 620)
C:Program Files (x86)AviraAntiVir Desktopavshadow.exe (ID: 2720 |ParentID: 1832)
C:Windowssystem32svchost.exe (ID: 3044 |ParentID: 620)
C:Windowssystem32svchost.exe (ID: 2548 |ParentID: 620)
C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe (ID: 1012 |ParentID: 1240)
C:Program Files (x86)ASUSASUS InstantOnInsOnWMI.exe (ID: 1840 |ParentID: 1856)
C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe (ID: 1512 |ParentID: 1488)
C:WindowsExplorer.EXE (ID: 3408 |ParentID: 3088)
C:Program Files (x86)ASUSATK PackageATK HotkeyKBFiltr.exe (ID: 3560 |ParentID: 1012)
C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe (ID: 3724 |ParentID: 3308)
C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe (ID: 3756 |ParentID: 3256)
C:Windowssystem32runonce.exe (ID: 3796 |ParentID: 3408)
C:Windowssystem32wbemwmiprvse.exe (ID: 3852 |ParentID: 744)
C:WindowsSysWOW64runonce.exe (ID: 3912 |ParentID: 3796)
C:Windowssystem32DllHost.exe (ID: 3420 |ParentID: 744)
C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID: 3900 |ParentID: 324)
c:program files (x86)aviraantivir desktoptoastNotifier.exe (ID: 4020 |ParentID: 1832)
C:Windowssystem32wbemwmiprvse.exe (ID: 3736 |ParentID: 744)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
04 – HKCU..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
04 – HKCU..Run : [Facebook Update] “C:UsersMeurine’sAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKCU..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIIKE.EXE /EPT “EPLTargetP0000000000000000” /M “XP-302 303 305 306 Series”
04 – HKCU..Run : [EPLTargetP0000000000000001] C:Windowssystem32spoolDRIVERSx643E_IATIIKE.EXE /EPT “EPLTargetP0000000000000001” /M “XP-302 303 305 306 Series”
04 – HKCU..Run : [Skype] “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
04 – HKLM..Run : [RemoteControl10] “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSWebStorage Sync Agent1.1.9.120AsusWSPanel.exe /S
04 – HKLM..Run : []
04 – HKLM..Run : [avgnt] “C:Program Files (x86)AviraAntiVir Desktopavgnt.exe” /min
04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – [x64] HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
04 – [x64] HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
04 – [x64] HKLM..Run : [ACMON] C:Program Files (x86)ASUSSplendidACMON.exe
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [msnmsgr] “C:Program Files (x86)Windows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [Facebook Update] “C:UsersMeurine’sAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [EPLTargetP0000000000000000] C:Windowssystem32spoolDRIVERSx643E_IATIIKE.EXE /EPT “EPLTargetP0000000000000000” /M “XP-302 303 305 306 Series”
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [EPLTargetP0000000000000001] C:Windowssystem32spoolDRIVERSx643E_IATIIKE.EXE /EPT “EPLTargetP0000000000000001” /M “XP-302 303 305 306 Series”
04 – HKUS-1-5-21-145718918-2541462195-149494896-1002..Run : [Skype] “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun

################## | Listing |

[20/05/2013 – 23:21:48 | SHD] – C:$Recycle.Bin
[20/02/2014 – 00:24:49 | D] – C:AdwCleaner
[17/08/2012 – 11:42:50 | SHD] – C:Boot
[26/07/2012 – 05:44:30 | RASH | 389 Ko] – C:bootmgr
[02/06/2012 – 16:30:55 | N | 0 Ko] – C:BOOTNXT
[26/07/2012 – 09:22:08 | SHD] – C:Documents and Settings
[05/12/2012 – 21:15:23 | D] – C:eSupport
[06/10/2013 – 17:23:07 | D] – C:FlashOutput
[13/04/2014 – 21:16:13 | ASH | 4937792 Ko] – C:hiberfil.sys
[05/12/2012 – 20:57:15 | D] – C:Intel
[06/10/2013 – 17:40:46 | D] – C:OutputFolder
[13/04/2014 – 21:16:19 | ASH | 3014656 Ko] – C:pagefile.sys
[26/07/2012 – 09:33:46 | D] – C:PerfLogs
[28/09/2013 – 14:21:31 | D] – C:Program Files
[13/04/2014 – 18:16:26 | D] – C:Program Files (x86)
[13/04/2014 – 17:40:52 | HD] – C:ProgramData
[19/02/2013 – 11:53:53 | D] – C:sources
[13/04/2014 – 21:16:19 | ASH | 262144 Ko] – C:swapfile.sys
[17/02/2014 – 17:33:18 | SHD] – C:System Volume Information
[28/03/2013 – 22:06:49 | D] – C:temp
[13/04/2014 – 21:19:26 | D] – C:UsbFix
[13/04/2014 – 21:11:19 | N | 16 Ko | 2E2657655FA11F3D0770F07F439C58DE] – C:UsbFix [Clean 2] NINIPINSON.txt
[13/04/2014 – 21:12:23 | N | 12 Ko | D4B3FC854705D004A978F1DB09A675BE] – C:UsbFix [Clean 4] NINIPINSON.txt
[13/04/2014 – 21:21:12 | A | 9 Ko | AD410B610CBBEBEF92AE3E7976A749D1] – C:UsbFix [Clean 6] NINIPINSON.txt
[13/04/2014 – 18:42:43 | N | 12 Ko | 83ADE56097FED8D10FF391C1EEB2EBEF] – C:UsbFix [Scan 1] NINIPINSON.txt
[14/02/2013 – 23:12:25 | D] – C:Users
[06/02/2014 – 15:45:46 | D] – C:Windows
[18/09/2012 – 11:28:31 | N | 6146 Ko] – C:X55A.BIN
[19/09/2012 – 16:03:27 | N | 6146 Ko] – C:X55C.BIN
[20/09/2012 – 03:17:36 | N | 6146 Ko] – C:X55CR.BIN
[20/09/2012 – 08:32:21 | N | 6146 Ko] – C:X55VD.BIN
[20/09/2012 – 09:58:04 | N | 6146 Ko] – C:X55VDR.BIN
[24/08/2013 – 01:12:04 | D] – C:Zylom Games
[14/02/2013 – 23:54:35 | SHD] – D:$RECYCLE.BIN
[19/02/2013 – 14:47:53 | D] – D:Firefox
[05/12/2012 – 20:51:49 | SHD] – D:System Volume Information
[13/06/2006 – 19:11:08 | D] – H:DCIM
[16/05/2007 – 00:14:26 | D] – H:Recycled
[17/05/2007 – 13:31:26 | N | 340 Ko | 86F1895AE8C5E8B17D99ECE768A70732] – H:msvcr71.dll
[10/09/2007 – 16:27:18 | N | 0 Ko] – H:WMPInfo.xml
[09/10/2012 – 23:29:36 | N | 5162 Ko] – H:Jamiroquai – Just Dance (Center Stage Soundtrack).mp3

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |