Reply to: Folder and file names turned into shortcuts
2016-09-12T13:42:41+00:00
Greta_1
Participant
Post count: 8

Hello,
Here is the report below.
Thanks for your help

############################## | UsbFix V 7.169 | [Recherche]

Utilisateur: PICASSO (Administrateur) # PICASSO13
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 11:00:56 | 14/04/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: FUJITSU (D3041-A1)
CPU: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
RAM -> [Total : 1920 Mo| Free : 601 Mo]
Bios: FUJITSU // Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Mozilla Firefox : 7.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes’ Anti-Malware : 1.75.0001

C: -> Disque fixe # 50 Go (24 Go libre(s) – 47%) [System] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 414 Go (398 Go libre(s) – 96%) [Data] # NTFS
F: -> Disque amovible # 958 Mo (872 Mo libre(s) – 91%) [GESTION] # FAT

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 432 |ParentID: 352)
C:\Windows\system32\wininit.exe (ID: 484 |ParentID: 352)
C:\Windows\system32\csrss.exe (ID: 496 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 540 |ParentID: 484)
C:\Windows\system32\winlogon.exe (ID: 572 |ParentID: 476)
C:\Windows\system32\lsass.exe (ID: 600 |ParentID: 484)
C:\Windows\system32\lsm.exe (ID: 612 |ParentID: 484)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 792 |ParentID: 540)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 856 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 980 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1012 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1040 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1248 |ParentID: 540)
C:\Windows\System32\spoolsv.exe (ID: 1368 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1396 |ParentID: 540)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1504 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1532 |ParentID: 540)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID: 1604 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 1656 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1824 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1900 |ParentID: 1824)
C:\Windows\system32\SearchIndexer.exe (ID: 2884 |ParentID: 540)
C:\Windows\system32\taskhost.exe (ID: 3576 |ParentID: 540)
C:\Windows\system32\Dwm.exe (ID: 3404 |ParentID: 1012)
C:\Windows\Explorer.EXE (ID: 3248 |ParentID: 3596)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3872 |ParentID: 3248)
C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe (ID: 3932 |ParentID: 3248)
C:\Windows\System32\igfxtray.exe (ID: 3924 |ParentID: 3248)
C:\Windows\System32\hkcmd.exe (ID: 3956 |ParentID: 3248)
C:\Windows\System32\igfxpers.exe (ID: 4012 |ParentID: 3248)
C:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3996 |ParentID: 540)
C:\Program Files\Microsoft Security Client\msseces.exe (ID: 3940 |ParentID: 3248)
C:\Windows\System32\wscript.exe (ID: 888 |ParentID: 3248)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 252 |ParentID: 712)
C:\Windows\System32\WUDFHost.exe (ID: 204 |ParentID: 1012)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 2364 |ParentID: 3248)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 1172 |ParentID: 3248)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 2456 |ParentID: 1172)
C:\Windows\system32\svchost.exe (ID: 2052 |ParentID: 540)
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe (ID: 3500 |ParentID: 712)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 3320 |ParentID: 1172)
C:\Windows\notepad.exe (ID: 3236 |ParentID: 660)
C:\Windows\explorer.exe (ID: 1588 |ParentID: 712)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 1632 |ParentID: 2364)
C:\Windows\notepad.exe (ID: 920 |ParentID: 1240)
C:\Windows\system32\taskeng.exe (ID: 1620 |ParentID: 1072)
C:\Users\greta01\AppData\Local\Google\Update\Install\{1921032D-9D0C-46AB-BF4B-30A3D95ACABE}\34.0.1847.116_33.0.1750.154_chrome_updater.exe (ID: 316 |ParentID: 3192)
C:\Users\greta01\AppData\Local\Temp\CR_B3376.tmp\setup.exe (ID: 804 |ParentID: 316)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2800 |ParentID: 2884)
C:\Windows\system32\SearchFilterHost.exe (ID: 1896 |ParentID: 2884)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3256 |ParentID: 2884)
C:\Windows\system32\DllHost.exe (ID: 3460 |ParentID: 712)
C:\Windows\system32\DllHost.exe (ID: 3396 |ParentID: 712)

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 – [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 – HKCU\..\Run : [Google Update] "C:\Users\PICASSO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 – HKLM\..\Run : [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
04 – HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 – HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 – HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 – HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 – HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 – HKLM\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 – HKLM\..\RunOnce : [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 – HKLM\..\RunOnce : []
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3794041088-267600481-4042947410-1000\..\Run : [Google Update] "C:\Users\PICASSO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKU\S-1-5-21-3794041088-267600481-4042947410-1001\..\Run : [Google Update] "C:\Users\greta01\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 – HKU\S-1-5-21-3794041088-267600481-4042947410-1001\..\Run : [flashmemory] wscript.exe //B "C:\Users\greta01\AppData\Local\Temp\flashmemory.vbe"
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Présent! F:\flashmemory.vbe
Présent! F:\kno.lnk

################## | Registre |

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |