Reply to: Infected USB key 2016-09-08T13:46:34+00:00
Fakourou
Participant
Number of posts: 2

Thanks a lot for your quick response!!

Here is the new report:

############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Marion (Administrateur) # ORDI_MARION
Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
Lancé à 11:14:48 | 17/06/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (1201HA)
CPU: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz
RAM -> [Total : 1014 Mo| Free : 65 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126
WB: Google Chrome : 35.0.1916.153

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C: (%SystemDrive%) -> Disque fixe # 100 Go (49 Go libre(s) – 49%) [] # NTFS
D: -> Disque fixe # 123 Go (123 Go libre(s) – 100%) [] # NTFS
E: -> Disque amovible # 15 Go (11 Go libre(s) – 74%) [LALIA LOUIS] # FAT32

################## | Processus Stoppés |

C:WindowsSystem32spoolsv.exe (ID: 1528|ParentID: 576|Système)
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 1796|ParentID: 576|Système)
C:WindowsSystem32AsusService.exe (ID: 1828|ParentID: 576|Système)
C:Program FilesBonjourmDNSResponder.exe (ID: 1860|ParentID: 576|Système)
C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50ST7.EXE (ID: 1900|ParentID: 576|Système)
C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RP7.EXE (ID: 1932|ParentID: 576|Système)
C:WindowsSystem32taskhost.exe (ID: 2992|ParentID: 576|Marion)
C:Windowsexplorer.exe (ID: 3088|ParentID: 3048|Marion)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 3340|ParentID: 3088|Marion)
C:Program FilesEeePCHotkeyServiceHotKeyMon.exe (ID: 3508|ParentID: 1828|Système)
C:WindowsAsScrPro.exe (ID: 3516|ParentID: 3088|Marion)
C:Program FilesSynapticsSynTPSynAsusAcpi.exe (ID: 3640|ParentID: 3088|Marion)
C:Program FilesEeePCHotkeyServiceHotkeyService.exe (ID: 3668|ParentID: 1828|Système)
C:WindowsSystem32igfxtray.exe (ID: 3680|ParentID: 3088|Marion)
C:WindowsSystem32hkcmd.exe (ID: 3688|ParentID: 3088|Marion)
C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 3816|ParentID: 3088|Marion)
C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3836|ParentID: 3088|Marion)
C:Program FilesEeePCSHESuperHybridEngine.exe (ID: 3864|ParentID: 1828|Système)
C:Program FilesWindows Sidebarsidebar.exe (ID: 3980|ParentID: 3088|Marion)
C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 4080|ParentID: 3340|Marion)
C:WindowsSystem32SearchIndexer.exe (ID: 1896|ParentID: 576|Système)
C:UsersMarionAppDataRoamingDropboxbinDropbox.exe (ID: 112|ParentID: 3088|Marion)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 2800|ParentID: 576|SERVICE RÉSEAU)
C:Program FilesOpenOffice.org 3programsoffice.exe (ID: 2908|ParentID: 2284|Marion)
C:Program FilesOpenOffice.org 3programsoffice.bin (ID: 3180|ParentID: 2908|Marion)
C:WindowsSystem32wbemunsecapp.exe (ID: 2780|ParentID: 692|Marion)
C:WindowsSystem32taskhost.exe (ID: 4120|ParentID: 576|Marion)
C:WindowsSystem32WUDFHost.exe (ID: 5928|ParentID: 908|SERVICE LOCAL)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3792|ParentID: 3088|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 540|ParentID: 3792|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6120|ParentID: 3792|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5068|ParentID: 3792|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4540|ParentID: 3792|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4956|ParentID: 3792|Marion)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2336|ParentID: 3792|Marion)

################## | Autorun |

################## | Recherche générique |

Supprimé! E:Photos de voeux .scr
Supprimé! E:Photos divers .scr
Supprimé! E:Chansons Maternelles .scr
Supprimé! E:RAP FRANCAIS .scr
Supprimé! E:PLAYLIST H SHYNNE .scr
Supprimé! E:Mariage Hadri et S .scr
Supprimé! E:DOC BPJEPS .scr
Supprimé! E:Photo P .scr
Supprimé! E:DOC Accueil .scr
Supprimé! E:Polé emploi .scr
Supprimé! E:BPJEPS loisirs tous publics .scr
Supprimé! E:DOC .scr
Supprimé! E:SysAnti.exe
Supprimé! E:Thumbs .db
Supprimé! E:Photos diversphotos irlande .scr
Supprimé! E:Photos diversDublin, Cork .scr
Supprimé! E:Photos diversphoto été 2012 .scr

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-1764263354-3130586406-1734446244-1001Software….Mountpoints2F
Supprimé! HKUS-1-5-21-1764263354-3130586406-1734446244-1001Software….Mountpoints2{5aca3786-b762-11df-a60b-20cf30058446}

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKCU..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
04 – HKLM..Run : [HotkeyMon] AsusSender.exe C:Program FilesEeePCHotkeyServiceHotKeyMon.exe
04 – HKLM..Run : [HotkeyService] AsusSender.exe C:Program FilesEeePCHotkeyServiceHotkeyService.exe
04 – HKLM..Run : [ASUS Screen Saver Protector] C:WindowsAsScrPro.exe
04 – HKLM..Run : [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
04 – HKLM..Run : [SynAsusAcpi] %ProgramFiles%SynapticsSynTPSynAsusAcpi.exe
04 – HKLM..Run : [SuperHybridEngine] AsusSender.exe C:Program FilesEeePCSHESuperHybridEngine.exe
04 – HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
04 – HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
04 – HKLM..Run : [IgfxExt] C:Windowssystem32IgfxExt.exe /RegServer
04 – HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
04 – HKLM..Run : [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
04 – HKLM..Run : [AvastUI.exe] "C:Program FilesAVAST SoftwareAvastAvastUI.exe" /nogui
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-21-1764263354-3130586406-1734446244-1001..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-18..RunOnce : [SPReview] "C:windowsSystem32SPReviewSPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | C: %SystemDrive% – Disque Fixe (NTFS) |

[10/06/2009 – 23:42:20 | N | 0 Ko] – C:config.sys
[17/06/2014 – 07:51:53 | ASH | 778696 Ko] – C:hiberfil.sys
[17/06/2014 – 10:19:16 | ASH | 1303552 Ko] – C:pagefile.sys
[18/12/2009 – 17:19:51 | N | 2 Ko] – C:RHDSetup.log
[02/12/2011 – 08:43:36 | HD] – C:$Recycle.Bin
[10/06/2009 – 23:42:20 | A | 0 Ko] – C:autoexec.bat
[14/07/2009 – 04:37:05 | D] – C:PerfLogs
[14/07/2009 – 06:53:55 | SHD] – C:Documents and Settings
[07/12/2009 – 16:10:40 | D] – C:Intel
[03/09/2010 – 15:29:44 | SHD] – C:Recovery
[03/09/2010 – 15:31:21 | D] – C:Users
[14/11/2010 – 14:47:26 | D] – C:PRONOTE 2010
[20/11/2010 – 14:40:07 | RASH | 375 Ko] – C:bootmgr
[22/02/2012 – 17:40:16 | D] – C:E-Cam
[16/09/2012 – 19:16:54 | N | 0 Ko] – C:END
[21/03/2013 – 21:44:37 | SHD] – C:Boot
[16/06/2014 – 14:46:49 | HD] – C:ProgramData
[16/06/2014 – 14:46:49 | D] – C:Program Files
[16/06/2014 – 14:50:47 | D] – C:Windows
[16/06/2014 – 23:43:50 | SHD] – C:System Volume Information
[17/06/2014 – 10:18:41 | D] – C:UsbFix

################## | D: – Disque Fixe (NTFS) |

[03/09/2010 – 15:47:59 | HD] – D:$RECYCLE.BIN
[04/09/2010 – 07:20:57 | SHD] – D:System Volume Information
[21/11/2010 – 10:31:23 | D] – D:6601ad2c8f9bcfd31f36306bf069af
[30/07/2013 – 14:05:11 | D] – D:a0d31057ff67d33a6b

################## | E: – Disque USB (FAT32) |

[05/03/2014 – 09:41:00 | N | 2807 Ko] – E:DOC BPJEPS.zip
[12/03/2014 – 10:18:30 | N | 0 Ko] – E:WMPInfo.xml
[21/01/2013 – 14:38:10 | N | 1 Ko] – E:returnLabel-862485.txt
[04/08/2012 – 15:01:18 | AH | 4 Ko] – E:._.Trashes
[04/08/2012 – 15:01:18 | HD] – E:.Trashes
[04/08/2012 – 15:01:18 | HD] – E:.Spotlight-V100
[10/03/2014 – 23:20:02 | N | 38 Ko] – E:Lettre de pôle emploi à remplir.pdf
[11/03/2014 – 17:49:26 | N | 26 Ko] – E:Formulaire demande de financement BAFA.pdf
[14/03/2014 – 10:00:26 | N | 1 Ko] – E:BOOTEX.LOG
[31/03/2008 – 04:16:24 | N | 273 Ko] – E:Photo identité.JPG
[04/09/2012 – 13:47:58 | N | 99 Ko] – E:CV ousmane.doc
[13/09/2013 – 13:19:38 | N | 1050 Ko] – E:Doc1.doc
[13/09/2013 – 13:19:48 | N | 679 Ko] – E:Doc2.doc
[27/01/2013 – 21:19:34 | D] – E:Photos divers
[15/03/2013 – 18:02:38 | D] – E:DOC
[24/11/2013 – 14:22:34 | D] – E:DOC BPJEPS
[24/11/2013 – 14:30:02 | D] – E:DOC Accueil
[27/11/2013 – 10:05:10 | D] – E:RAP FRANCAIS
[26/12/2013 – 20:12:38 | D] – E:Photo P
[03/01/2014 – 13:43:40 | D] – E:Photos de voeux
[20/02/2014 – 20:50:30 | D] – E:Mariage Hadri et S
[12/03/2014 – 10:42:16 | D] – E:PLAYLIST H SHYNNE
[27/03/2014 – 15:43:42 | D] – E:Chansons Maternelles
[31/03/2014 – 19:38:02 | D] – E:Polé emploi
[31/03/2014 – 21:57:08 | D] – E:BPJEPS loisirs tous publics

################## | Vaccin |

D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |