Reply to: Shortcut virus on removable media 2016-09-08T13:39:58+00:00
hbaud
Participant
Number of posts: 1

Thanks a lot for the quick reply! I ran Usbfix again in deletion mode, here is the report:
############################## | UsbFix V 7.169 | [Suppression]

Utilisateur: Hilaire (Administrateur) # HILAIRE-PC
Mis à jour le 08/05/2014 par El Desaparecido - Team SosVirus
Lancé à 21:39:49 | 10/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : forum-virus-securite.html
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (K53SV)
CPU: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
RAM -> [Total : 6056 Mo| Free : 3606 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17105
WB: Google Chrome : 32.0.1700.102
WB: Mozilla Firefox : 29.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C: (%systemdrive%) -> Disque fixe # 279 Go (176 Go libre(s) - 63%) [OS] # NTFS
D: -> Disque fixe # 101 Go (13 Go libre(s) - 13%) [Data] # NTFS
E: -> Disque fixe # 293 Go (193 Go libre(s) - 66%) [OS] # NTFS
F: -> CD-ROM
G: -> Disque amovible # 7 Go (7 Go libre(s) - 100%) [USB DISK] # FAT32
H: -> Disque amovible # 960 Mo (417 Mo libre(s) - 43%) [NT] # FAT
I: -> Disque amovible # 15 Go (15 Go libre(s) - 100%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 480 |ParentID: 432)
C:\Windows\system32\csrss.exe (ID: 620 |ParentID: 612)
C:\Windows\system32\wininit.exe (ID: 628 |ParentID: 432)
C:\Windows\system32\winlogon.exe (ID: 676 |ParentID: 612)
C:\Windows\system32\services.exe (ID: 724 |ParentID: 628)
C:\Windows\system32\lsass.exe (ID: 732 |ParentID: 628)
C:\Windows\system32\lsm.exe (ID: 740 |ParentID: 628)
C:\Windows\system32\svchost.exe (ID: 832 |ParentID: 724)
C:\Windows\system32\nvvsvc.exe (ID: 896 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 936 |ParentID: 724)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 152 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 488 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 504 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 484 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 588 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 1136 |ParentID: 724)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 1272 |ParentID: 896)
C:\Windows\system32\nvvsvc.exe (ID: 1284 |ParentID: 896)
C:\Windows\system32\FBAgent.exe (ID: 1332 |ParentID: 724)
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ID: 1340 |ParentID: 136)
C:\Windows\system32\WLANExt.exe (ID: 1348 |ParentID: 504)
C:\Windows\system32\conhost.exe (ID: 1384 |ParentID: 480)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1396 |ParentID: 724)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1644 |ParentID: 724)
C:\Windows\system32\Dwm.exe (ID: 1652 |ParentID: 504)
C:\Windows\system32\taskeng.exe (ID: 1744 |ParentID: 588)
C:\Windows\System32\spoolsv.exe (ID: 1812 |ParentID: 724)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 1836 |ParentID: 1396)
C:\Windows\system32\svchost.exe (ID: 1908 |ParentID: 724)
C:\Windows\system32\rundll32.exe (ID: 1108 |ParentID: 724)
C:\Windows\SysWOW64\rundll32.exe (ID: 1160 |ParentID: 1108)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ID: 1252 |ParentID: 1836)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe (ID: 1584 |ParentID: 724)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 1724 |ParentID: 724)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 2052 |ParentID: 1836)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ID: 2096 |ParentID: 1836)
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (ID: 2128 |ParentID: 724)
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (ID: 2168 |ParentID: 724)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 2196 |ParentID: 1744)
C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe (ID: 2204 |ParentID: 1744)
C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 2240 |ParentID: 724)
C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 2504 |ParentID: 724)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2584 |ParentID: 724)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (ID: 2596 |ParentID: 2196)
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (ID: 2612 |ParentID: 2196)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3208 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 3304 |ParentID: 724)
C:\Program Files\Intel\TurboBoost\TurboBoost.exe (ID: 3332 |ParentID: 724)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3400 |ParentID: 724)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3564 |ParentID: 3400)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3616 |ParentID: 832)
C:\Windows\system32\svchost.exe (ID: 1200 |ParentID: 724)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1568 |ParentID: 832)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2144 |ParentID: 832)
C:\Windows\System32\rundll32.exe (ID: 3724 |ParentID: 832)
C:\Windows\system32\SearchIndexer.exe (ID: 5008 |ParentID: 724)
C:\Windows\system32\svchost.exe (ID: 140 |ParentID: 724)
C:\Windows\System32\svchost.exe (ID: 4256 |ParentID: 724)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID: 3300 |ParentID: 724)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3644 |ParentID: 724)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 4056 |ParentID: 724)
C:\Windows\System32\rundll32.exe (ID: 1608 |ParentID: 832)
C:\Windows\System32\WUDFHost.exe (ID: 5428 |ParentID: 504)
C:\Windows\system32\taskeng.exe (ID: 4708 |ParentID: 588)
C:\Windows\explorer.exe (ID: 5088 |ParentID: 3656)
C:\Windows\System32\wscript.exe (ID: 4972 |ParentID: 1036)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4352 |ParentID: 5088)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 5348 |ParentID: 4352)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 5376 |ParentID: 5348)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (ID: 5932 |ParentID: 5376)
C:\Windows\system32\SearchProtocolHost.exe (ID: 1256 |ParentID: 5008)
C:\Windows\system32\SearchFilterHost.exe (ID: 5576 |ParentID: 5008)
C:\Windows\system32\DllHost.exe (ID: 2276 |ParentID: 832)
C:\Windows\system32\DllHost.exe (ID: 6004 |ParentID: 832)

################## | Recherche générique |

Supprimé! C:\Users\Hilaire\AppData\Roaming\168816984_MicrosoftUpdate.vbe
Supprimé! G:\168816984_MicrosoftUpdate.vbe
Supprimé! H:\168816984_MicrosoftUpdate.vbe
Supprimé! I:\168816984_MicrosoftUpdate.vbe
Supprimé! H:\afrique.lnk
Supprimé! H:\dessins.lnk
Supprimé! H:\WEB.lnk
Supprimé! H:\RECYCLER.lnk
Supprimé! H:\à imprimer stage.lnk
Supprimé! H:\a imprimer dakar.lnk
Supprimé! H:\.fseventsd.lnk
Supprimé! H:\.Trashes.lnk
Supprimé! H:\.Spotlight-V100.lnk
Supprimé! I:\AVF_INFO.lnk
Supprimé! I:\PRIVATE.lnk
Supprimé! I:\DCIM.lnk
Supprimé! I:\MP_ROOT.lnk
Supprimé! I:\Autorun.inf.lnk
Supprimé! I:\syncguid.dat

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3433864762-517863337-3049944731-1001\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate
Supprimé! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|168816984_MicrosoftUpdate

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
04 - HKCU\..\Run : [AdobeBridge]
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKLM\..\Run : [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
04 - HKLM\..\Run : [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\..\Run : [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
04 - HKLM\..\Run : [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
04 - HKLM\..\Run : [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - [x64] HKLM\..\Run : [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
04 - [x64] HKLM\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
04 - [x64] HKLM\..\Run : [Setwallpaper] c:\programdata\SetWallpaper.cmd
04 - [x64] HKLM\..\Run : [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
04 - HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [AdobeBridge]
04 - HKU\S-1-5-21-3433864762-517863337-3049944731-1001\..\Run : [Facebook Update] "C:\Users\Hilaire\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[08/11/2012 - 16:30:27 | SHD] - C:\$Recycle.Bin
[31/01/2014 - 22:47:32 | D] - C:\adobeTemp
[28/01/2012 - 00:14:16 | D] - C:\ASUS.DAT
[13/04/2011 - 04:49:40 | D] - C:\AsusVibeData
[28/01/2012 - 00:49:03 | D] - C:\Autodesk
[29/07/2009 - 08:03:34 | SHD] - C:\Boot
[14/07/2009 - 03:38:58 | RASH | 375 Ko] - C:\bootmgr
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[29/01/2012 - 00:33:44 | D] - C:\eSupport
[09/12/2013 - 09:38:55 | D] - C:\found.000
[10/05/2014 - 21:20:45 | ASH | 4650828 Ko] - C:\hiberfil.sys
[29/01/2012 - 00:19:19 | D] - C:\Intel
[28/01/2012 - 16:57:01 | RHD] - C:\MSOCache
[10/05/2014 - 21:20:51 | ASH | 6201108 Ko] - C:\pagefile.sys
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[19/10/2013 - 18:37:06 | D] - C:\Program Files
[10/05/2014 - 10:41:26 | D] - C:\Program Files (x86)
[01/03/2014 - 02:33:15 | HD] - C:\ProgramData
[28/01/2012 - 00:09:50 | SHD] - C:\Recovery
[10/05/2014 - 11:36:53 | SHD] - C:\System Volume Information
[03/02/2012 - 11:33:44 | D] - C:\temp
[10/05/2014 - 21:39:47 | D] - C:\UsbFix
[10/05/2014 - 21:33:10 | N | 16 Ko | C01F08616E0B7ACC9C5996A686374948] - C:\UsbFix [Clean 2] HILAIRE-PC.txt
[10/05/2014 - 21:39:29 | N | 16 Ko | 3FD6140A2924242C36D66570C0ED1350] - C:\UsbFix [Clean 4] HILAIRE-PC.txt
[10/05/2014 - 21:41:13 | A | 12 Ko | F292D90665EAB826E7C085BF01475A01] - C:\UsbFix [Clean 6] HILAIRE-PC.txt
[10/05/2014 - 17:41:27 | N | 14 Ko | 70BDC06B430054A593240B630CBB30F8] - C:\UsbFix [Scan 1] HILAIRE-PC.txt
[28/01/2012 - 00:12:17 | D] - C:\Users
[29/01/2012 - 01:03:26 | D] - C:\WIMAPPLY
[06/05/2014 - 07:46:15 | D] - C:\Windows
[10/11/2012 - 06:34:37 | SHD] - D:\$RECYCLE.BIN
[05/05/2014 - 22:16:11 | D] - D:\archi
[23/09/2013 - 14:28:59 | D] - D:\dessins
[05/02/2014 - 16:42:40 | D] - D:\important
[03/05/2014 - 10:18:20 | D] - D:\musique
[29/01/2012 - 00:06:43 | SHD] - D:\System Volume Information
[01/05/2012 - 16:17:49 | N | 0 Ko] - D:\~$763ACF41 wifi.docx
[29/11/2013 - 14:54:16 | SHD] - E:\$RECYCLE.BIN
[06/02/2012 - 01:27:02 | D] - E:\3660b68b0cd6b2b4bf3ca529b85c24
[07/02/2012 - 01:52:43 | D] - E:\60e5e4daf19e4f3a27
[05/05/2014 - 08:56:31 | D] - E:\66ce9348d55b6cb11e3c08cbf6728e
[05/05/2014 - 20:03:05 | D] - E:\6c1cfbd528888c2682151a49c0
[14/12/2013 - 21:02:11 | D] - E:\b9c93e85eb1002767700
[28/01/2012 - 06:20:07 | N | 0 Ko] - E:\Data (D) - Raccourci.lnk
[18/02/2014 - 19:26:53 | D] - E:\films
[05/05/2014 - 22:16:40 | D] - E:\M2
[05/03/2014 - 09:23:32 | D] - E:\photos
[29/01/2012 - 00:06:46 | SHD] - E:\System Volume Information
[20/03/2014 - 07:43:04 | D] - H:\afrique
[25/03/2014 - 11:24:08 | D] - H:\dessins
[03/03/2014 - 11:56:34 | D] - H:\à imprimer stage
[02/03/2014 - 21:22:30 | D] - H:\a imprimer dakar
[02/04/2014 - 12:17:22 | D] - H:\WEB
[22/04/2012 - 07:47:46 | H | 0 Ko] - H:\AUTORUN.INF
[28/04/2012 - 09:04:56 | N | 0 Ko] - H:\~$Eval Stage Appro.xlsx
[02/04/2014 - 12:15:42 | SHD] - H:\.fseventsd
[02/04/2014 - 12:35:26 | N | 4 Ko] - H:\._WEB
[28/07/2012 - 00:46:50 | AH | 4 Ko] - H:\._.Trashes
[28/07/2012 - 00:46:50 | SHD] - H:\.Trashes
[13/09/2011 - 10:56:28 | N | 0 Ko] - H:\drive.id
[28/07/2012 - 00:46:50 | SHD] - H:\.Spotlight-V100
[20/10/2011 - 09:41:44 | SHD] - H:\RECYCLER
[10/05/2014 - 21:35:34 | D] - I:\AVF_INFO
[10/05/2014 - 21:35:38 | D] - I:\PRIVATE
[10/05/2014 - 21:35:42 | D] - I:\DCIM
[10/05/2014 - 21:35:42 | D] - I:\MP_ROOT

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net/ - https://www.sosvirus.net |