Reply to: USB key files turned into shortcuts 2016-09-08T13:42:27+00:00
marinezer
Participant
Number of posts: 16

Hello,

Thank you for such a quick reply. I am already sending you my report from the UsbFix scan; I will send you the rest in my next message.
############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: marine (Administrateur) # PC-DE-MARINE
Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
Lancé à 14:27:31 | 23/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: eMachines (HM50-YK )
CPU: AMD Athlon(tm) Processor TF-20
RAM -> [Total : 1789 Mo| Free : 789 Mo]
Bios: eMachines
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.6001.19088
WB: Google Chrome : 34.0.1847.137

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [Enabled]

C: (%SystemDrive%) -> Disque fixe # 136 Go (15 Go libre(s) – 11%) [OS] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 7 Go (7 Go libre(s) – 98%) [USB DISK] # FAT32

################## | Processus Stoppés |

C:\Windows\System32\Ati2evxx.exe (ID: 1088|ParentID: 696)
C:\Windows\System32\SLsvc.exe (ID: 1296|ParentID: 696)
C:\Windows\System32\Ati2evxx.exe (ID: 1536|ParentID: 1088|SYSTEM)
C:\Windows\System32\spoolsv.exe (ID: 2016|ParentID: 696|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 116|ParentID: 1184|SYSTEM)
C:\Windows\explorer.exe (ID: 540|ParentID: 296|marine)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 528|ParentID: 540|marine)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 268|ParentID: 540|marine)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2068|ParentID: 540|marine)
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (ID: 2088|ParentID: 540|marine)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 2144|ParentID: 540|marine)
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (ID: 2496|ParentID: 696|SYSTEM)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe (ID: 2532|ParentID: 696|SYSTEM)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (ID: 2588|ParentID: 696|SYSTEM)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (ID: 2644|ParentID: 696|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 3160|ParentID: 1184|marine)
C:\Windows\System32\alg.exe (ID: 3608|ParentID: 696|SERVICE LOCAL)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4012|ParentID: 696|SERVICE RÉSEAU)
C:\Users\marine\AppData\Local\Temp\RtkBtMnt.exe (ID: 2552|ParentID: 268|marine)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (ID: 852|ParentID: 696|SERVICE LOCAL)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3880|ParentID: 2068|marine)
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE (ID: 1248|ParentID: 2088|marine)
C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE (ID: 3124|ParentID: 2088|marine)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3712|ParentID: 540|marine)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2152|ParentID: 3712|marine)
C:\Windows\System32\WUDFHost.exe (ID: 1680|ParentID: 1168|SERVICE LOCAL)
C:\Windows\System32\taskeng.exe (ID: 5252|ParentID: 1184|marine)
C:\Windows\System32\sdclt.exe (ID: 5284|ParentID: 5252|marine)
C:\Windows\System32\wuauclt.exe (ID: 5648|ParentID: 1184|marine)
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (ID: 5232|ParentID: 540|marine)

################## | Autorun |

F:\MEMOIRE.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\guide d’entretien ME (gs).lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\guide d’entretien ME (gs) (1).lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\ISAP2.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\ISAP3 (2).lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\ECRIT MEMOIRE noémie.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\Intro mémoire.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\ISAP.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\autoévalution troisième année.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\le_code_de_deontologie.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\blog-referent.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\fonction_referent.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\fp referent educatif ASE Montbeliard.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\SKMBT_C20313112515180.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\dossierthematique_theoriedelattachement_5.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\coopérer avec les parents en protection de l’enfance 1.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\ISIC format DPP.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\MEMOIRE ME Mai (gs).lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)
F:\Projet de recherche.lnk -> F:\Intel(R)Service.vbs – VirusTotal – (19/50)

################## | Recherche générique |

Supprimé! F:\Intel(R)Service.vbs
Supprimé! F:\ISAP.lnk
Supprimé! F:\guide d’entretien ME (gs).lnk
Supprimé! F:\guide d’entretien ME (gs) (1).lnk
Supprimé! F:\autoévalution troisième année.lnk
Supprimé! F:\ISAP2.lnk
Supprimé! F:\ISAP3 (2).lnk
Supprimé! F:\Intro mémoire.lnk
Supprimé! F:\ECRIT MEMOIRE noémie.lnk
Supprimé! F:\MEMOIRE.lnk
Supprimé! F:\blog-referent.lnk
Supprimé! F:\le_code_de_deontologie.lnk
Supprimé! F:\fonction_referent.lnk
Supprimé! F:\Itinéraire d’un assistant familial – Accueil UFNAFAAM.lnk
Supprimé! F:\fp referent educatif ASE Montbeliard.lnk
Supprimé! F:\SKMBT_C20313112515180.lnk
Supprimé! F:\dossierthematique_theoriedelattachement_5.lnk
Supprimé! F:\coopérer avec les parents en protection de l’enfance 1.lnk
Supprimé! F:\ISIC format DPP.lnk
Supprimé! F:\MEMOIRE ME Mai (gs).lnk
Supprimé! F:\Projet de recherche.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Regedit Run |

F2 – HKLM\..\Winlogon : [Shell] Explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] C:\Windows\system32\Userinit.exe,
04 – HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 – HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 – HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 – HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 – HKLM\..\Run : [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
04 – HKLM\..\Run : [AvastUI.exe] “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
04 – HKLM\..\Run : [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
04 – HKLM\..\Run : [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 – HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 – HKU\S-1-5-21-179234166-31584988-549877916-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[26/12/2012 – 19:01:55 | N | 0 Ko] – C:\SetSearchAndHomepageInBrowserLog.txt
[22/10/2013 – 20:17:47 | N | 12 Ko] – C:\UsbFix [Scan 1] PC-DE-MARINE.txt
[22/10/2013 – 21:03:27 | N | 21 Ko] – C:\UsbFix [Clean 1] PC-DE-MARINE.txt
[20/05/2014 – 09:24:55 | N | 7 Ko] – C:\UsbFix [Scan 2] PC-DE-MARINE.txt
[20/05/2014 – 10:14:59 | N | 7 Ko] – C:\UsbFix [Scan 3] PC-DE-MARINE.txt
[18/09/2006 – 23:43:37 | N | 0 Ko] – C:\config.sys
[19/05/2010 – 15:28:12 | N | 0 Ko] – C:\MSDOS.SYS
[19/05/2010 – 15:28:12 | N | 0 Ko] – C:\IO.SYS
[23/05/2014 – 12:53:29 | ASH | 2139520 Ko] – C:\pagefile.sys
[03/03/2009 – 15:16:33 | N | 2 Ko] – C:\RHDSetup.log
[10/10/2009 – 12:41:20 | SHD] – C:\$Recycle.Bin
[18/09/2006 – 23:43:36 | N | 0 Ko] – C:\autoexec.bat
[03/03/2009 – 22:29:27 | RAS | 8 Ko] – C:\BOOTSECT.BAK
[02/11/2006 – 14:59:44 | SHD] – C:\Documents and Settings
[21/01/2008 – 04:34:29 | RASH | 325 Ko] – C:\bootmgr
[21/01/2008 – 04:43:50 | D] – C:\PerfLogs
[03/03/2009 – 15:19:20 | RHD] – C:\MSOCache
[03/03/2009 – 22:29:26 | SHD] – C:\Boot
[18/06/2009 – 07:48:35 | D] – C:\book
[06/10/2009 – 22:40:17 | D] – C:\ACERSW
[06/10/2009 – 22:41:19 | D] – C:\ACER
[10/10/2009 – 12:40:47 | D] – C:\Users
[19/05/2010 – 15:29:17 | D] – C:\Westwood
[30/11/2010 – 17:38:04 | D] – C:\2a907a25565162a10b6a96
[07/12/2010 – 16:55:33 | D] – C:\Boonty
[24/03/2013 – 17:11:38 | D] – C:\NVIDIA
[27/03/2013 – 19:27:34 | D] – C:\Microsoft Office 2007 Pro FR – V12 Final (Access, Excel, Word, Outlook, PowerPoint, Publisher, InfoPath) + N
[07/04/2013 – 12:30:29 | N | 0 Ko] – C:\END
[02/08/2013 – 15:46:05 | HD] – C:\ProgramData
[08/12/2013 – 19:36:04 | D] – C:\Temp
[13/03/2014 – 09:04:44 | D] – C:\e93c007d3cd84f2b076d
[10/05/2014 – 14:00:31 | D] – C:\Program Files
[23/05/2014 – 12:55:15 | D] – C:\Windows
[23/05/2014 – 13:04:35 | SHD] – C:\System Volume Information
[23/05/2014 – 14:27:08 | D] – C:\UsbFix

################## | F: – Disque USB (FAT32) |

[11/04/2014 – 13:26:04 | N | 74 Ko] – F:\le_code_de_deontologie.pdf
[16/04/2014 – 06:27:54 | N | 142 Ko] – F:\fonction_referent.pdf
[16/04/2014 – 06:30:22 | N | 107 Ko] – F:\fp referent educatif ASE Montbeliard.PDF
[17/04/2014 – 08:22:28 | N | 18002 Ko] – F:\SKMBT_C20313112515180.pdf
[17/04/2014 – 11:52:18 | N | 2124 Ko] – F:\dossierthematique_theoriedelattachement_5.pdf
[17/04/2014 – 12:17:08 | N | 267 Ko] – F:\coopérer avec les parents en protection de l’enfance 1.pdf
[01/04/2014 – 16:50:58 | N | 14 Ko] – F:\ECRIT MEMOIRE noémie.odt
[20/01/2014 – 22:29:10 | N | 31 Ko] – F:\ISAP.docx
[04/02/2014 – 20:45:20 | N | 14 Ko] – F:\guide d’entretien ME (gs).docx
[06/02/2014 – 10:27:22 | N | 14 Ko] – F:\guide d’entretien ME (gs) (1).docx
[14/03/2014 – 08:34:42 | N | 35 Ko] – F:\ISAP2.docx
[31/03/2014 – 23:04:06 | N | 34 Ko] – F:\ISAP3 (2).docx
[31/03/2014 – 23:29:48 | N | 26 Ko] – F:\autoévalution troisième année.docx
[22/04/2014 – 15:42:40 | N | 40 Ko] – F:\ISIC format DPP.docx
[30/04/2014 – 10:33:02 | N | 78 Ko] – F:\MEMOIRE ME Mai (gs).docx
[04/05/2014 – 14:20:48 | N | 27 Ko] – F:\Intro mémoire.docx
[07/05/2014 – 12:26:20 | N | 18 Ko] – F:\Projet de recherche.docx
[07/05/2014 – 12:26:30 | N | 81 Ko] – F:\MEMOIRE.docx
[11/04/2014 – 11:25:22 | N | 129 Ko] – F:\blog-referent.doc
[04/06/2013 – 15:06:06 | D] – F:\Fiches DC4 + mémoire ass3
[19/10/2013 – 18:39:14 | D] – F:\théorie isap
[19/10/2013 – 18:39:14 | D] – F:\mémoire
[20/10/2013 – 22:29:12 | D] – F:\Données territoire stage
[12/01/2014 – 21:01:46 | D] – F:\ISIC
[18/02/2014 – 16:06:14 | D] – F:\politique sociale
[20/03/2014 – 11:51:16 | D] – F:\dossier info
[24/03/2014 – 14:32:58 | D] – F:\retranscription mémoire
[01/04/2014 – 16:51:14 | SHD] – F:\System Volume Information
[08/05/2014 – 17:09:12 | D] – F:\Memoire finalisé
[19/05/2014 – 13:21:30 | D] – F:\MEMOIRE IMPRIMEUR

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |