Scan avec USBFIX et apres? Fermé

Question

Bonjour, 



J'ai un soucis de virus, j'ai fais un scan avec USBFIX et maintenant je poste le rapport si j'ai bien compris.

Et après? 

############################## | UsbFix V 7.165 | [Research]

User: WIN7 (Administrator) # WIN7-PC
Updated 20/02/2014 by El Desaparecido - Team SosVirus
Started at 17:28:55 | 21/02/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Dell Inc. (0M54MP)
CPU: Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz
RAM -> [Total : 1909 Mo| Free : 1107 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
WB: Google Chrome : 33.0.1750.117

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 47 Gb (14 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 209 Gb (187 Mb free - 89%) [DATA] # NTFS
E:\ -> Fixed drive # 209 Gb (196 Mb free - 94%) [DATA] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 432 |ParentID: 416)
C:\Windows\system32\wininit.exe (ID: 484 |ParentID: 416)
C:\Windows\system32\csrss.exe (ID: 492 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 540 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 556 |ParentID: 484)
C:\Windows\system32\lsm.exe (ID: 564 |ParentID: 484)
C:\Windows\system32\winlogon.exe (ID: 596 |ParentID: 476)
C:\Windows\system32\svchost.exe (ID: 720 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 812 |ParentID: 540)
C:\Windows\system32\atiesrxx.exe (ID: 876 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 932 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 968 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1008 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1056 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1244 |ParentID: 540)
C:\Windows\system32\atieclxx.exe (ID: 1416 |ParentID: 876)
C:\Windows\system32\svchost.exe (ID: 1468 |ParentID: 540)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ID: 1520 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 1656 |ParentID: 540)
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (ID: 1740 |ParentID: 540)
C:\Windows\system32\WLANExt.exe (ID: 1748 |ParentID: 968)
C:\Windows\system32\conhost.exe (ID: 1756 |ParentID: 432)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1804 |ParentID: 540)
C:\Windows\System32\spoolsv.exe (ID: 2040 |ParentID: 540)
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_92dbc85c81034340\aestsrv.exe (ID: 384 |ParentID: 540)
C:\Windows\system32\wbem\unsecapp.exe (ID: 736 |ParentID: 720)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1888 |ParentID: 540)
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ID: 1456 |ParentID: 540)
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ID: 1500 |ParentID: 540)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2160 |ParentID: 720)
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2196 |ParentID: 540)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ID: 2352 |ParentID: 540)
C:\Windows\system32\svchost.exe (ID: 2464 |ParentID: 540)
C:\Program Files\SecretSauce\updateSecretSauce.exe (ID: 2992 |ParentID: 540)
C:\Program Files\SecretSauce\bin\utilSecretSauce.exe (ID: 3228 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3340 |ParentID: 540)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3444 |ParentID: 3340)
C:\Windows\system32\svchost.exe (ID: 3668 |ParentID: 540)
C:\Windows\System32\WUDFHost.exe (ID: 3804 |ParentID: 968)
C:\Windows\system32	askhost.exe (ID: 3900 |ParentID: 540)
C:\Windows\system32\Dwm.exe (ID: 2132 |ParentID: 968)
C:\Windows\Explorer.EXE (ID: 3100 |ParentID: 4084)
C:\Windows\system32\svchost.exe (ID: 3164 |ParentID: 540)
C:\Windows\System32undll32.exe (ID: 4072 |ParentID: 720)
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (ID: 2788 |ParentID: 3100)
C:\Program Files\Dell\QuickSet\quickset.exe (ID: 2944 |ParentID: 3100)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 2820 |ParentID: 3100)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ID: 3496 |ParentID: 3100)
C:\Windows\PixArt\Pac207\Monitor.exe (ID: 1880 |ParentID: 3100)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3948 |ParentID: 3100)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4068 |ParentID: 3100)
C:\Windows\System32\igfxtray.exe (ID: 4012 |ParentID: 3100)
C:\Windows\System32\hkcmd.exe (ID: 2584 |ParentID: 3100)
C:\Windows\System32\igfxpers.exe (ID: 3924 |ParentID: 3100)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2680 |ParentID: 720)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3000 |ParentID: 3100)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3912 |ParentID: 3100)
C:\Windows\system32\SearchIndexer.exe (ID: 4180 |ParentID: 540)
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 2216 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 5504 |ParentID: 540)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5552 |ParentID: 540)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ID: 3156 |ParentID: 3948)
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 5404 |ParentID: 2268)
C:\Windows\system32\WLANExt.exe (ID: 4808 |ParentID: 968)
C:\Windows\system32\conhost.exe (ID: 4668 |ParentID: 432)
C:\Windows\system32\WLANExt.exe (ID: 4196 |ParentID: 968)
C:\Windows\system32\conhost.exe (ID: 3116 |ParentID: 432)
C:\Windows\system32\WLANExt.exe (ID: 1396 |ParentID: 968)
C:\Windows\system32\conhost.exe (ID: 6012 |ParentID: 432)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (ID: 1712 |ParentID: 3100)
C:\Windows\system32\SearchProtocolHost.exe (ID: 1516 |ParentID: 4180)
C:\Windows\system32\SearchFilterHost.exe (ID: 3236 |ParentID: 4180)
C:\Windows\system32\igfxsrvc.exe (ID: 1840 |ParentID: 720)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2796 |ParentID: 720)

################## | Regedit Run |

04 - HKCU\..\Run : [AdobeBridge] 
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Cubiez] C:\Users\WIN7\AppData\Local\Cubiez\Cubiez.exe
04 - HKLM\..\Run : [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
04 - HKLM\..\Run : [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
04 - HKLM\..\Run : [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\87ee7568-56b4-479a-beb4-b0ee2114120b.exe /check
04 - HKLM\..\RunOnce : [] 
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1936908455-3421525627-4259181564-1000\..\Run : [AdobeBridge] 
04 - HKU\S-1-5-21-1936908455-3421525627-4259181564-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1936908455-3421525627-4259181564-1000\..\Run : [Cubiez] C:\Users\WIN7\AppData\Local\Cubiez\Cubiez.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Windows\system32\loader.exe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorUser -> 0

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |

Malekal_morte- · Answer

Salut,

Faire suppression sur USBFix.

Scan avec USBFIX et apres?

1 réponse

Discussions similaires

Newsletters