Reply to: .exe files on my USB drives 2016-09-08T13:46:11+00:00
Vito
Participant
Number of posts: 6

Hi

Here is the cleanup report

############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: bureau (Administrateur) # NOM-325236CBEE9
Mis à jour le 09/06/2014 par El Desaparecido – SosVirus
Lancé à 06:57:11 | 16/06/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: NEC COMPUTERS INTERNATIONAL (NEC Versa Premium )
CPU: Intel(R) Celeron(R) M processor 1.30GHz
RAM -> [Total : 959 Mo| Free : 360 Mo]
Bios: Insyde Software Corporation
Boot: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 29.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C: (%SystemDrive%) -> Disque fixe # 149 Go (2 Go libre(s) – 2%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 4 Go (660 Mo libre(s) – 17%) [] # FAT32
F: -> Disque amovible # 2 Go (920 Mo libre(s) – 48%) [] # FAT

################## | Processus Stoppés |

C:WINDOWSsystem32spoolsv.exe (ID: 1392|ParentID: 628|SYSTEM)
C:WINDOWSexplorer.exe (ID: 1528|ParentID: 1496|bureau)
C:WINDOWSsystem32carpserv.exe (ID: 1816|ParentID: 1528|bureau)
C:Program FilesFichiers communsJavaJava Updatejusched.exe (ID: 1824|ParentID: 1528|bureau)
C:Program FilesAdobeReader 9.0Readerreader_sl.exe (ID: 1836|ParentID: 1528|bureau)
C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe (ID: 1856|ParentID: 1528|bureau)
C:WINDOWSsystem32LVCOMSX.EXE (ID: 1864|ParentID: 1528|bureau)
C:Program FilesLogitechVideoLogiTray.exe (ID: 1872|ParentID: 1528|bureau)
C:WINDOWSSOUNDMAN.EXE (ID: 1884|ParentID: 1528|bureau)
C:WINDOWSsystem32ctfmon.exe (ID: 1900|ParentID: 1528|bureau)
C:Program FilesLogitechDesktop Messenger8876480ProgrambackWeb-8876480.exe (ID: 1916|ParentID: 1528|bureau)
C:Documents and SettingsAll UsersApplication Datawmimgmt.exe (ID: 2000|ParentID: 1940|bureau)
C:Program FilesLogitechVideoFxSvr2.exe (ID: 136|ParentID: 796|bureau)
C:Program FilesWestern DigitalWD SmartWareWD Drive ManagerWDDMStatus.exe (ID: 148|ParentID: 1528|bureau)
C:Program FilesWestern DigitalWD SmartWareFront ParlorWDSmartWare.exe (ID: 164|ParentID: 1528|bureau)
C:WINDOWSsystem32cmd.exe (ID: 880|ParentID: 2000|bureau)
C:WINDOWSsystem32findstr.exe (ID: 936|ParentID: 880|bureau)
C:Program FilesJavajre6binjqs.exe (ID: 1132|ParentID: 628|SYSTEM)
C:WINDOWSsystem32wdfmgr.exe (ID: 1516|ParentID: 628|SERVICE LOCAL)
C:Program FilesWestern DigitalWD SmartWareWD Drive ManagerWDDMService.exe (ID: 1760|ParentID: 628|SYSTEM)
C:Program FilesWestern DigitalWD SmartWareFront ParlorWDSmartWareBackgroundService.exe (ID: 1780|ParentID: 628|SYSTEM)
C:WINDOWSsystem32wuauclt.exe (ID: 484|ParentID: 984|SYSTEM)
C:WINDOWSsystem32alg.exe (ID: 2592|ParentID: 628|SERVICE LOCAL)
C:WINDOWSsystem32wuauclt.exe (ID: 3352|ParentID: 984|bureau)
C:Program FilesGoogleUpdateGoogleUpdate.exe (ID: 2696|ParentID: 984|SYSTEM)

################## | Autorun |

E:autorun.inf -> E:RECyCLERwmimgmt.com | VirusTotal – (41/48)
E:autorun.inf -> E:RECYCLERwmimgmt.com | VirusTotal – (41/48)
E:autorun.inf -> E:RECYCLERwmimgmt.com | VirusTotal – (41/48)

################## | Recherche générique |

Supprimé! E:FOUND.000.exe
Supprimé! E:Nouveau dossier.exe
Supprimé! F:Nouveau dossier (3).exe
Supprimé! E:Recyclerwmimgmt.com
Supprimé! F:Recyclerwmimgmt.com
Supprimé! F:test.exe
Supprimé! C:Documents and SettingsAll UsersApplication Datawmimgmt.exe
Supprimé! C:Documents and SettingsbureauBureauMai 2013_Ouistreham.exe
Supprimé! C:Documents and SettingsbureauBureauSOPHIE.exe
Supprimé! E:Job VL.exe
Supprimé! F:DSCG.exe
Supprimé! F:MPPVE3-COMMENTAIRES DOP MAR 13.exe
Supprimé! F:MPPVE.exe
Supprimé! F:Proforma WE.exe
Supprimé! F:RALLYE AUVERGNAT.exe
Supprimé! F:Anniv 30 ans SoJu.exe
Supprimé! F:vente.exe
Supprimé! F:ASSURANCES.exe
Supprimé! F:A IMPRIMER.exe
Supprimé! F:VISAS.exe
Supprimé! F:CIRCUS PARTY.exe
Supprimé! F:Courriers.exe
Supprimé! F:VL.exe
Supprimé! F:3-COMMENTAIRES DOP MAR 13.exe
Supprimé! F:Recherche Jobs.exe
Supprimé! F:World Tour 2013.exe
Supprimé! F:World Tour 2013ASSURANCES.exe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-1220945662-527237240-1606980848-1004Software….Mountpoints2{29dda026-c483-11de-8e65-001060670d25}
Supprimé! HKUS-1-5-21-1220945662-527237240-1606980848-1004Software….Mountpoints2{68b074c8-33ae-11df-8f1f-001060670d25}
Supprimé! HKUS-1-5-21-1220945662-527237240-1606980848-1004Software….Mountpoints2{b459a546-a6f6-11df-8fe8-001060670d25}

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] Explorer.exe
F2 – HKLM..Winlogon : [Userinit] C:WINDOWSsystem32userinit.exe,
04 – HKCU..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
04 – HKCU..Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:Program FilesFichiers communsAheadLibNMBgMonitor.exe”
04 – HKCU..Run : [msnmsgr] “C:Program FilesWindows LiveMessengermsnmsgr.exe” /background
04 – HKCU..Run : [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
04 – HKCU..Run : [LogitechSoftwareUpdate] “C:Program FilesLogitechVideoManifestEngine.exe” boot
04 – HKCU..Run : [wmi32] “C:Documents and SettingsAll UsersApplication Datawmimgmt.exe”
04 – HKLM..Run : [CARPService] carpserv.exe
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesFichiers communsJavaJava Updatejusched.exe”
04 – HKLM..Run : [Adobe Reader Speed Launcher] “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
04 – HKLM..Run : [Adobe ARM] “C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
04 – HKLM..Run : [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
04 – HKLM..Run : [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
04 – HKLM..Run : [SoundMan] SOUNDMAN.EXE
04 – HKLM..RunOnce : [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA”&”inst=NwA3AC0ANAAyADgAOQA4ADAAMAAxADkALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADUANwA0ADEANAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBOACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQAtAEwAOQAwAE0ASgArADIALQBGADkAMABNADEAMgBKAFQAKwAxAC0ARgA5ADAATQAxADIAUgArADEALQBWAEkAUAAxADIAKwAxAA”&”prod=90″&”ver=9.0.894
04 – HKUS-1-5-19..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
04 – HKUS-1-5-20..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:Program FilesFichiers communsAheadLibNMBgMonitor.exe”
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [msnmsgr] “C:Program FilesWindows LiveMessengermsnmsgr.exe” /background
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [LogitechSoftwareUpdate] “C:Program FilesLogitechVideoManifestEngine.exe” boot
04 – HKUS-1-5-21-1220945662-527237240-1606980848-1004..Run : [wmi32] “C:Documents and SettingsAll UsersApplication Datawmimgmt.exe”
04 – HKUS-1-5-18..Run : [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[28/10/2009 – 18:14:03 | RASH | 0 Ko] – C:IO.SYS
[28/10/2009 – 18:14:03 | N | 0 Ko] – C:CONFIG.SYS
[28/10/2009 – 18:14:03 | RASH | 0 Ko] – C:MSDOS.SYS
[16/06/2014 – 06:53:18 | ASH | 1474560 Ko] – C:pagefile.sys
[28/10/2009 – 17:57:15 | SH | 0 Ko] – C:boot.ini
[14/04/2008 – 14:00:00 | N | 46 Ko | VirusTotal – (0/53)] – C:NTDETECT.COM
[14/04/2008 – 14:00:00 | N | 5 Ko] – C:Bootfont.bin
[28/10/2009 – 18:14:03 | A | 0 Ko] – C:AUTOEXEC.BAT
[14/04/2008 – 14:00:00 | RASH | 246 Ko] – C:ntldr
[28/10/2009 – 18:20:07 | SHD] – C:System Volume Information
[28/10/2009 – 18:36:51 | D] – C:Documents and Settings
[29/10/2009 – 11:45:52 | D] – C:pnp
[29/10/2009 – 14:11:42 | D] – C:$AVG
[19/12/2009 – 14:25:03 | D] – C:658ea913e76d0f82aac8876b5033
[27/10/2010 – 21:31:49 | RHD] – C:MSOCache
[06/12/2010 – 09:38:41 | D] – C:PILOTES
[16/12/2012 – 15:30:07 | SHD] – C:RECYCLER
[04/03/2013 – 22:53:38 | D] – C:Photos
[24/05/2014 – 15:02:05 | D] – C:Program Files
[14/06/2014 – 15:28:06 | D] – C:UsbFix
[16/06/2014 – 06:53:49 | D] – C:WINDOWS

################## | E: – Disque USB (FAT32) |

[24/12/2013 – 17:33:14 | N | 2 Ko] – E:AuToRUn.iNf
[14/01/2012 – 18:45:00 | D] – E:FOUND.000
[21/02/2012 – 10:35:24 | D] – E:Nouveau dossier
[03/11/2012 – 14:14:12 | D] – E:Job VL
[07/12/2013 – 06:18:38 | SHD] – E:RECYCLER

################## | F: – Disque USB (FAT) |

[21/11/2010 – 17:45:48 | N | 31 Ko] – F:SIMUL IRPP 2010-2011-2012.xls
[06/12/2010 – 19:40:18 | N | 38 Ko] – F:VOYAGES.xls
[03/04/2013 – 00:36:34 | N | 132 Ko] – F:Proforma SVG.xls
[01/09/2013 – 00:39:46 | N | 25 Ko] – F:Rewards Numbers.xls
[24/12/2013 – 16:50:10 | N | 56 Ko] – F:BUDGET HBG 2014.xls
[24/12/2013 – 17:05:16 | N | 576 Ko] – F:Bilan 2012 VF.xls
[06/02/2014 – 00:23:54 | N | 2130 Ko] – F:MER E    PARIS PORTE DE VERSAILLES EXPO 01-13  SYNTHESE.xls
[14/02/2013 – 11:59:40 | N | 898 Ko] – F:St Valentin 2013.ppt
[14/02/2013 – 11:59:52 | N | 898 Ko] – F:St Valentin 2013.pps
[25/04/2013 – 06:07:44 | N | 150 Ko] – F:Vueling SVG ORY-BCN.pdf
[24/12/2013 – 17:05:04 | N | 55 Ko] – F:Bilan 2012 VF.pdf
[05/02/2014 – 18:58:30 | N | 436 Ko] – F:GL 2014.pdf
[05/02/2014 – 18:58:46 | N | 430 Ko] – F:GL 2013.pdf
[05/02/2014 – 19:45:12 | N | 636 Ko] – F:Analyse soldes 2014.pdf
[06/02/2014 – 03:17:36 | N | 3 Ko] – F:BOOTEX.LOG
[14/06/2014 – 15:14:04 | N | 2 Ko] – F:AuToRUn.iNf
[04/12/2010 – 12:42:38 | N | 22 Ko] – F:SNCF.doc
[23/12/2010 – 19:03:02 | N | 1128 Ko] – F:BERLIN.doc
[15/04/2013 – 18:55:44 | N | 21 Ko] – F:Panda.doc
[09/08/2011 – 14:20:04 | N | 1740 Ko] – F:ROAD TRIP 2.bmp
[16/03/2011 – 10:10:52 | D] – F:Proforma WE
[24/11/2011 – 18:37:46 | D] – F:Nouveau dossier (3)
[21/09/2012 – 16:39:12 | D] – F:Anniv 30 ans SoJu
[10/04/2013 – 18:10:46 | D] – F:3-COMMENTAIRES DOP MAR 13
[17/05/2013 – 07:36:44 | D] – F:vente
[24/05/2013 – 16:48:36 | D] – F:VISAS
[28/05/2013 – 13:25:52 | D] – F:CIRCUS PARTY
[30/05/2013 – 21:17:32 | D] – F:VL
[05/06/2013 – 18:29:02 | D] – F:RALLYE AUVERGNAT
[06/06/2013 – 19:13:48 | D] – F:ASSURANCES
[17/09/2013 – 19:11:12 | D] – F:A IMPRIMER
[13/10/2013 – 20:36:30 | D] – F:DSCG
[18/10/2013 – 17:30:14 | SHD] – F:RECYCLER
[19/11/2013 – 22:14:10 | D] – F:Recherche Jobs
[19/11/2013 – 22:14:30 | D] – F:World Tour 2013
[19/11/2013 – 22:25:18 | D] – F:MPPVE
[19/11/2013 – 22:32:20 | D] – F:Courriers
[11/12/2013 – 22:55:38 | D] – F:test

################## | Vaccin |

E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |

Is there anything else to do?