# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Version : 11.010
# Base de données : 2018.11.28
# Contact : https://www.usb-antivirus.com/fr/contact
# ----------------------------------------------------
# Type de scan : Full
# Utilisateur : Coralie (Administrateur)
# Appareil : DESKTOP-9S9FA0I
# Lancé : 27/01/2019 16:35:22
# ----------------------------------------------------

------------ | Disques analysés |

C:\ NTFS (174GB/237GB) [Fixed]
D:\ FAT32 (24GB/29GB) [Removable]
E:\ exFAT (118GB/118GB) [Removable]

------------ | Elément(s) détecté(s) |

Restauré! D:\A IMPRIMER
Restauré! D:\COURS
Restauré! D:\DOCS A IMPRIMER
Restauré! D:\GROS LOT 2017 - S1
Restauré! D:\LORENA
Restauré! D:\Prezi.portable-v309
Restauré! E:\clement
Restauré! D:\DCIM.JPG
Restauré! E:\DCIM.JPG
Supprimé! D:\.Spotlight-V100.lnk
Supprimé! D:\.TemporaryItems.lnk
Supprimé! D:\.Trashes.lnk
Supprimé! D:\A IMPRIMER.lnk
Supprimé! D:\autorun.inf.lnk
Supprimé! D:\COURS.lnk
Supprimé! D:\DCIM.lnk
Supprimé! D:\DOCS A IMPRIMER.lnk
Supprimé! D:\GROS LOT 2017 - S1.lnk
Supprimé! D:\LORENA.lnk
Supprimé! D:\Nouveau Dossier.lnk
Supprimé! D:\Photo Family.lnk
Supprimé! D:\Prezi.portable-v309.lnk
Supprimé! D:\System Volume Information.lnk
Supprimé! D:\Video.lnk
Supprimé! E:\autorun.inf.lnk
Supprimé! E:\clement.lnk
Supprimé! E:\DCIM.lnk
Supprimé! E:\Nouveau Dossier.lnk
Supprimé! E:\Photo Family.lnk
Supprimé! E:\System Volume Information.lnk
Supprimé! E:\Video.lnk

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Coralie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [cacaoweb] "C:\Users\Coralie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKCU\..\Run : [Visionneuse de Photos Windows] "C:\Users\Coralie\PerfLogs\csrss.pif" /e:Vbscript.Encode "C:\Users\Coralie\PerfLogs\DCIM.JPG" /MINIMIZED
04 - HKCU\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Coralie\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files (x86)\ASUS\Giftbox" --restore-last-session
04 - HKLM\..\Run : [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe
04 - HKLM\..\Run : [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [AutoTransfer PC] C:\Program Files (x86)\USB Disk Security\backupmaster.exe
04 - [x64] HKLM\..\Run : [SecurityHealth] %ProgramFiles%\Windows Defender\MSASCuiL.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2045806124-4226723144-2188369647-1001\..\Run : [OneDrive] "C:\Users\Coralie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-2045806124-4226723144-2188369647-1001\..\Run : [cacaoweb] "C:\Users\Coralie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-2045806124-4226723144-2188369647-1001\..\Run : [Visionneuse de Photos Windows] "C:\Users\Coralie\PerfLogs\csrss.pif" /e:Vbscript.Encode "C:\Users\Coralie\PerfLogs\DCIM.JPG" /MINIMIZED
04 - HKU\S-1-5-21-2045806124-4226723144-2188369647-1001\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Coralie\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files (x86)\ASUS\Giftbox" --restore-last-session

------------ | Tasks |

Task - ASUS Splendid ACMON --> C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task - ASUS USB Charger Plus --> "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
Task - ATK Package 36D18D69AFC3 --> "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" -CancelShutdown
Task - ATK Package A22126881260 --> "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
Task - DropboxOEM --> "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" auto
Task - DropboxUpdateTaskMachineCore --> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Task - DropboxUpdateTaskMachineUA --> C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - Intel PTT EK Recertification --> "C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe"
Task - IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec --> "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon --> "C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe" --automatic
Task - IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 --> C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic
Task - OneDrive Standalone Update Task-S-1-5-21-2045806124-4226723144-2188369647-1001 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - RtHDVBg_ListenToDevice --> "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /AECBYLISTENTOSTATUS
Task - RTKCPL --> "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Task - WpsNotifyTask_Administrator --> C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe -from=task
Task - WpsUpdateTask_Administrator --> C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe -from=task

------------ | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[31/08/2016 - 13:24:06 | AH | 12 Ko] - devlist.txt
[25/01/2019 - 01:19:25 | ASH | 3145728 Ko] - pagefile.sys
[25/01/2019 - 01:19:25 | ASH | 16384 Ko] - swapfile.sys
[27/01/2019 - 13:07:11 | ASH | 3312920 Ko] - hiberfil.sys
[25/01/2019 - 01:24:00 | SHD] - Config.Msi
[31/08/2016 - 13:24:06 | AH | 0 Ko] - Finish.log
[25/01/2019 - 01:19:31 | RH | 5 Ko] - farstone_pe.letter
[25/01/2019 - 01:10:58 | D] - autorun.inf
[15/10/2016 - 00:29:41 | SHD] - $Recycle.Bin
[30/10/2015 - 08:18:34 | ASH | 0 Ko] - BOOTNXT
[30/10/2015 - 08:18:34 | RASH | 391 Ko] - bootmgr
[24/03/2016 - 13:14:46 | SHD] - Boot
[31/08/2016 - 13:07:38 | D] - eSupport
[31/08/2016 - 13:12:55 | SHD] - dcboot
[31/08/2016 - 13:12:55 | SHD] - farston
[15/10/2016 - 22:48:12 | SHD] - Documents and Settings
[15/10/2016 - 23:19:06 | HD] - $SysReset
[12/09/2017 - 08:53:33 | HD] - Intel
[12/04/2018 - 00:38:20 | D] - PerfLogs
[27/10/2018 - 13:47:11 | SHD] - Recovery
[27/10/2018 - 13:48:34 | RD] - Users
[25/01/2019 - 01:21:01 | D] - Windows
[27/01/2019 - 15:19:23 | RD] - Program Files
[27/01/2019 - 15:19:23 | HD] - ProgramData
[27/01/2019 - 15:37:19 | RD] - Program Files (x86)

------------ | D:\ - Disque USB (FAT32) |

[07/10/2016 - 08:48:34 | SHD] - .Trashes
[07/10/2016 - 08:48:34 | AH | 4 Ko] - ._.Trashes
[11/01/2019 - 10:03:36 | SHD] - .TemporaryItems
[11/01/2019 - 10:03:36 | AH | 4 Ko] - ._.TemporaryItems
[07/10/2016 - 08:48:34 | SHD] - .Spotlight-V100
[11/01/2019 - 09:57:30 | SHD] - Prezi.portable-v309
[11/01/2019 - 09:57:32 | N | 4 Ko] - ._Prezi.portable-v309
[03/02/2017 - 06:50:44 | A | 3661 Ko] - Cible d'action des médicaments partie 1.pdf
[03/02/2017 - 07:01:58 | A | 8423 Ko] - Les médicaments biologiques.pdf
[10/02/2017 - 07:44:40 | A | 9544 Ko] - L'inconscient.pdf
[14/02/2017 - 07:42:06 | A | 1138 Ko] - Convention bred .pdf
[11/01/2019 - 10:03:36 | A | 810 Ko] - UE8 présentation.pdf
[11/01/2019 - 10:03:36 | N | 4 Ko] - ._UE8 présentation.pdf
[27/01/2019 - 16:35:58 | A | 1 Ko] - COURS.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer COURS&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - Prezi.portable-v309.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer Prezi.portable-v309&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - A IMPRIMER.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer A" "IMPRIMER&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - .Trashes.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer .Trashes&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - .TemporaryItems.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer .TemporaryItems&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - GROS LOT 2017 - S1.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer GROS" "LOT" "2017" "-" "S1&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - DOCS A IMPRIMER.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer DOCS" "A" "IMPRIMER&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - autorun.inf.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer autorun.inf&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - Nouveau Dossier.lnk --> C:\WINDOWS\system32\Wscript.exe/e:Vbscript.Encode DCIM.JPG
[27/01/2019 - 16:35:58 | A | 1 Ko] - LORENA.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer LORENA&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - .Spotlight-V100.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer .Spotlight-V100&Call&Call&Call&exit
[27/01/2019 - 16:35:58 | A | 1 Ko] - DCIM.lnk --> C:\WINDOWS\system32\Wscript.exe/e:Vbscript.Encode DCIM.JPG
[27/01/2019 - 16:35:58 | A | 1 Ko] - Photo Family.lnk --> C:\WINDOWS\system32\Wscript.exe/e:Vbscript.Encode DCIM.JPG
[27/01/2019 - 16:35:58 | A | 1 Ko] - Video.lnk --> C:\WINDOWS\system32\Wscript.exe/e:Vbscript.Encode DCIM.JPG
[07/11/2015 - 13:35:54 | SH | 23 Ko] - DCIM.JPG
[25/01/2019 - 01:11:00 | SHD] - autorun.inf
[19/02/2014 - 15:00:12 | N | 7 Ko] - EMTEC.ico
[19/02/2014 - 15:00:08 | N | 143 Ko] - EMTEC.icns
[08/01/2017 - 19:17:54 | A | 14 Ko] - CV.docx
[12/02/2017 - 11:47:02 | A | 13 Ko] - lettre de motivation plessis trevise.docx
[30/04/2017 - 09:23:08 | A | 15 Ko] - Le soin, une éthique de l'attention.docx
[01/05/2017 - 22:03:26 | A | 16 Ko] - La Bioéthique.docx
[17/09/2018 - 17:13:42 | A | 114 Ko] - Généralité en rhumatologie..docx
[22/09/2018 - 16:44:40 | A | 37 Ko] - UE5 - ED1.docx
[29/10/2018 - 20:59:22 | A | 2714 Ko] - UE5 - Approche sémiologique dans le CMS.docx
[03/11/2018 - 16:24:42 | A | 24 Ko] - UE5 - Initiation à la démarche kinésithérapique en traumatologie.docx
[03/11/2018 - 17:45:16 | A | 116 Ko] - UE5 - Contextualisation de la sémiologie.docx
[18/12/2018 - 12:55:10 | N | 4 Ko] - ._Généralité en rhumatologie..docx
[17/01/2019 - 10:31:08 | A | 1936 Ko] - rapport de stage.docx
[06/09/2016 - 15:37:26 | SHD] - GROS LOT 2017 - S1
[26/12/2016 - 12:21:16 | SHD] - LORENA
[24/09/2017 - 19:56:44 | SHD] - A IMPRIMER
[15/01/2019 - 21:33:36 | SHD] - COURS
[18/01/2019 - 10:25:24 | SHD] - DOCS A IMPRIMER

------------ | E:\ - Disque USB (exFAT) |

[27/01/2019 - 16:35:58 | A | 1 Ko] - autorun.inf.lnk --> C:\WINDOWS\system32\Cmd.exe/c Start Wscript.exe /e:Vbscript.Encode DCIM.JPG&Call&Call&Call&start explorer autorun.inf&Call&Call&Call&exit
[07/11/2015 - 13:35:54 | SH | 23 Ko] - DCIM.JPG
[25/01/2019 - 01:31:48 | SHD] - autorun.inf
[25/01/2019 - 02:18:28 | SHD] - clement

Elément(s) détecté(s) : 31
Elément(s) analysé(s) : 74534 en 00h 00m 07s

# UsbFix-Report-01.txt [12442B]

------------ | E.O.F |