Reply to: Virus on USB keys 2016-09-08T13:38:41+00:00
mta
Participant
Post count: 15

Hello,

That's done. I'm attaching the new report.
Yes, I'd be interested to know whether there are other types of virus on my computer… what do you recommend?

Thanks for your help.
[spoiler:284xicnl]############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: mta (Administrateur) # MTA-PC
Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
Lancé à 09:19:32 | 05/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Acer (JV50 )
CPU: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
RAM -> [Total : 4091 Mo| Free : 2391 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17105
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! antivirus [Enabled | Updated]
AS: avast! antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 285 Go (144 Go libre(s) – 51%) [ACER] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 14 Go (14 Go libre(s) – 100%) [STORE N GO] # FAT32
F: -> Disque amovible # 7 Go (7 Go libre(s) – 100%) [] # FAT32
G: -> Disque amovible # 7 Go (119 Mo libre(s) – 2%) [USB BILAL] # FAT32

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID: 448 |ParentID: 384)
C:Windowssystem32wininit.exe (ID: 524 |ParentID: 384)
C:Windowssystem32csrss.exe (ID: 540 |ParentID: 516)
C:Windowssystem32services.exe (ID: 584 |ParentID: 524)
C:Windowssystem32lsass.exe (ID: 600 |ParentID: 524)
C:Windowssystem32lsm.exe (ID: 608 |ParentID: 524)
C:Windowssystem32svchost.exe (ID: 708 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 788 |ParentID: 584)
C:Windowssystem32atiesrxx.exe (ID: 840 |ParentID: 584)
C:Windowssystem32winlogon.exe (ID: 892 |ParentID: 516)
C:WindowsSystem32svchost.exe (ID: 944 |ParentID: 584)
C:WindowsSystem32svchost.exe (ID: 996 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 456 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 452 |ParentID: 584)
C:Windowssystem32atieclxx.exe (ID: 1096 |ParentID: 840)
C:Windowssystem32svchost.exe (ID: 1252 |ParentID: 584)
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe (ID: 1336 |ParentID: 584)
C:Program FilesAlwil SoftwareAvast4ashServ.exe (ID: 1360 |ParentID: 584)
C:Windowssystem32Dwm.exe (ID: 1564 |ParentID: 996)
C:WindowsExplorer.EXE (ID: 1580 |ParentID: 1556)
C:Windowssystem32runonce.exe (ID: 1628 |ParentID: 1580)
C:WindowsSysWOW64runonce.exe (ID: 1640 |ParentID: 1628)
C:Windowssystem32DllHost.exe (ID: 1716 |ParentID: 708)
C:WindowsSystem32spoolsv.exe (ID: 1944 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 1976 |ParentID: 584)
C:Windowssystem32taskhost.exe (ID: 2000 |ParentID: 584)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1444 |ParentID: 584)
C:Program FilesLSI SoftModemagr64svc.exe (ID: 1472 |ParentID: 584)
C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 1516 |ParentID: 584)
C:Windowssystem32taskeng.exe (ID: 1692 |ParentID: 452)
C:Windowssystem32taskeng.exe (ID: 1760 |ParentID: 452)
C:Program Files (x86)AcerRegistrationGregHSRW.exe (ID: 2092 |ParentID: 584)
C:Program FilesAlwil SoftwareAvast4setupavast.setup (ID: 2100 |ParentID: 1360)
C:Program Files (x86)CanonIJPLMIJPLMSVC.EXE (ID: 2160 |ParentID: 584)
C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe (ID: 2188 |ParentID: 584)
C:Program Files (x86)NewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe (ID: 2248 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 2280 |ParentID: 584)
C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 2316 |ParentID: 584)
C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe (ID: 2364 |ParentID: 584)
C:Program Files (x86)Western DigitalWD SmartWareWDRulesEngine.exe (ID: 2416 |ParentID: 584)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2500 |ParentID: 584)
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (ID: 2532 |ParentID: 584)
C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe (ID: 2588 |ParentID: 584)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 2624 |ParentID: 2500)
C:Windowssystem32svchost.exe (ID: 2936 |ParentID: 584)
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe (ID: 2980 |ParentID: 584)
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe (ID: 3028 |ParentID: 584)
C:Windowssystem32svchost.exe (ID: 336 |ParentID: 584)
C:Windowssystem32wbemwmiprvse.exe (ID: 1772 |ParentID: 708)
C:WindowsSystem32WUDFHost.exe (ID: 3260 |ParentID: 996)
C:WindowsSystem32rundll32.exe (ID: 3340 |ParentID: 708)

################## | Recherche générique |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] userinit.exe
F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [Facebook Update] “C:UsersmtaAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKCU..Run : [MediaGet2] C:UsersmtaAppDataLocalMediaGet2mediaget.exe –minimized
04 – HKLM..Run : [BackupManagerTray] “C:Program Files (x86)NewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe” -h -k
04 – HKLM..Run : [EgisTecLiveUpdate] “C:Program Files (x86)EgisTec Egis Software UpdateEgisUpdate.exe”
04 – HKLM..Run : [StartCCC] “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
04 – HKLM..Run : [LManager] C:Program Files (x86)Launch ManagerLManager.exe
04 – HKLM..Run : [ArcadeDeluxeAgent] “C:Program Files (x86)Acer Arcade DeluxeAcer Arcade DeluxeArcadeDeluxeAgent.exe”
04 – HKLM..Run : [PlayMovie] “C:Program Files (x86)Acer Arcade DeluxePlayMoviePMVService.exe”
04 – HKLM..Run : [avast!] “C:Program FilesAlwil SoftwareAvast4ashDisp.exe”
04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [WD Drive Unlocker] C:Program Files (x86)Western DigitalWD SecurityWDDriveAutoUnlock.exe
04 – HKLM..Run : [WD Quick View] C:Program Files (x86)Western DigitalWD Quick ViewWDDMStatus.exe
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
04 – [x64] HKLM..Run : [IAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe
04 – [x64] HKLM..Run : [mwlDaemon] C:Program Files (x86)EgisTecMyWinLocker 3x86mwlDaemon.exe
04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
04 – [x64] HKLM..Run : [PLFSetI] C:WindowsPLFSetI.exe
04 – [x64] HKLM..Run : [Acer ePower Management] C:Program FilesAcerAcer ePower ManagementePowerTray.exe
04 – [x64] HKLM..Run : [CanonSolutionMenu] C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe /logon
04 – [x64] HKLM..Run : [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1723095371-1710161550-1366516139-1000..Run : [Facebook Update] “C:UsersmtaAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
04 – HKUS-1-5-21-1723095371-1710161550-1366516139-1000..Run : [MediaGet2] C:UsersmtaAppDataLocalMediaGet2mediaget.exe –minimized
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

################## | Listing |

[14/08/2010 – 17:59:01 | SHD] – C:$Recycle.Bin
[21/12/2013 – 10:56:40 | D] – C:AdwCleaner
[27/11/2009 – 00:02:45 | D] – C:BOOK
[14/07/2009 – 03:38:58 | RASH | 375 Ko] – C:bootmgr
[27/07/2009 – 22:40:53 | RASH | 8 Ko] – C:BOOTSECT.BAK
[14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
[29/07/2010 – 16:33:46 | DC] – C:elements
[05/05/2014 – 09:17:26 | ASH | 3141828 Ko] – C:hiberfil.sys
[29/10/2009 – 07:44:31 | D] – C:Intel
[29/10/2009 – 07:45:07 | RHD] – C:MSOCache
[29/07/2010 – 16:30:23 | D] – C:oem
[05/05/2014 – 09:17:30 | ASH | 4189108 Ko] – C:pagefile.sys
[06/11/2009 – 02:32:36 | N | 14 Ko] – C:Patch.rev
[18/05/2012 – 10:05:20 | D] – C:PerfLogs
[29/07/2010 – 16:30:17 | N | 0 Ko] – C:Preload.rev
[05/05/2013 – 12:42:58 | D] – C:Program Files
[02/05/2014 – 10:16:02 | D] – C:Program Files (x86)
[02/05/2014 – 10:16:02 | HD] – C:ProgramData
[29/07/2010 – 16:30:06 | SHD] – C:Recovery
[03/05/2014 – 01:45:50 | SHD] – C:System Volume Information
[04/05/2014 – 19:03:53 | D] – C:UsbFix
[05/05/2014 – 09:14:33 | N | 13 Ko | 6A823C36A5601425F2C30231E64A7CC9] – C:UsbFix [Clean 2] MTA-PC.txt
[05/05/2014 – 09:20:45 | A | 9 Ko | F6240D808E55003596F2C3FE61DA2110] – C:UsbFix [Clean 4] MTA-PC.txt
[04/05/2014 – 19:02:19 | N | 11 Ko | 2FC584DCFFA7C3F2A0159FAACD69BA44] – C:UsbFix [Scan 1] MTA-PC.txt
[29/07/2010 – 16:30:12 | D] – C:Users
[26/05/2012 – 00:23:28 | D] – C:Utorrent
[12/04/2014 – 06:36:33 | D] – C:Windows
[13/12/2013 – 19:01:18 | D] – C:[www.Cpasbien.me] Argo.FRENCH.BDRIP.XviD-SANSDouTE
[10/12/2013 – 16:12:24 | D] – G:Telechargement Film
[19/03/2013 – 14:33:02 | D] – G:.Autorun
[11/05/2013 – 20:13:46 | D] – G:Téléchargement Musique
[05/05/2013 – 17:25:54 | D] – G:FOUND.000
[31/01/2014 – 18:36:16 | N | 76 Ko] – G:doc 9.pdf
[02/05/2014 – 15:16:10 | N | 526 Ko] – G:Mi Casa ideal.pptx
[04/05/2014 – 18:19:40 | N | 203 Ko] – G:Recherche Francis Ford Coppola, Tod Browning, Comment cinéma a été crée.pptx
[10/12/2013 – 16:09:56 | D] – G:Telechargement musique Rap
[04/05/2014 – 18:14:38 | N | 150 Ko] – G:James Brown.pptx

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |[/spoiler:284xicnl]