USB ports of the infected computer 2013-11-22T17:27:50+00:00
  • Author
    Posts
  • Marion01
    Participant
    Number of posts: 2

    Hello, I don't understand much about computers.
    I have a virus on my computer's USB ports that infects every USB stick I plug in.
    I was told to download USBfix, but the tutorial sends me back to your site.
    Could you explain how to vaccinate my computer?

    Here is the report that the "search" in usbfix gave:

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: util (Administrateur) # UTIL-VAIO
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:06:49 | 22/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Sony Corporation (VAIO)
    CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
    RAM -> [Total : 3950 | Free : 2120]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 0.0.0.0
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AS: Windows Defender [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 455 Go (76 Go libre(s) – 17%) [] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 54%) [MARION] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 536 |ParentID: 528)
    C:Windowssystem32wininit.exe (ID: 608 |ParentID: 528)
    C:Windowssystem32csrss.exe (ID: 636 |ParentID: 620)
    C:Windowssystem32services.exe (ID: 676 |ParentID: 608)
    C:Windowssystem32winlogon.exe (ID: 712 |ParentID: 620)
    C:Windowssystem32lsass.exe (ID: 724 |ParentID: 608)
    C:Windowssystem32lsm.exe (ID: 732 |ParentID: 608)
    C:Windowssystem32svchost.exe (ID: 844 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 940 |ParentID: 676)
    C:Windowssystem32atiesrxx.exe (ID: 1004 |ParentID: 676)
    C:WindowsSystem32svchost.exe (ID: 400 |ParentID: 676)
    C:WindowsSystem32svchost.exe (ID: 532 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 668 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 788 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 1196 |ParentID: 676)
    C:Windowssystem32atieclxx.exe (ID: 1312 |ParentID: 1004)
    C:WindowsSystem32spoolsv.exe (ID: 1580 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 1652 |ParentID: 676)
    C:Windowssystem32taskhost.exe (ID: 1832 |ParentID: 676)
    C:Windowssystem32taskeng.exe (ID: 1920 |ParentID: 788)
    C:Windowssystem32Dwm.exe (ID: 1984 |ParentID: 532)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID: 1992 |ParentID: 676)
    C:WindowsExplorer.EXE (ID: 2000 |ParentID: 1976)
    C:Program Files (x86)SonySetting Utility SeriesWBCBatteryCare.exe (ID: 2020 |ParentID: 1920)
    C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 728 |ParentID: 676)
    C:Program FilesSonyVAIO CareVAIOCareService.exe (ID: 1764 |ParentID: 1920)
    C:Program FilesSonyVAIO Update 5VAIOUpdt.exe (ID: 1700 |ParentID: 1920)
    C:Program FilesSonyVAIO Power ManagementSPMgr.exe (ID: 1888 |ParentID: 1920)
    C:Program FilesBonjourmDNSResponder.exe (ID: 2380 |ParentID: 676)
    C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 2648 |ParentID: 676)
    C:Program Files (x86)CanonIJPLMIJPLMSVC.EXE (ID: 2776 |ParentID: 676)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2800 |ParentID: 2000)
    C:Program FilesJavajre6binjusched.exe (ID: 2820 |ParentID: 2000)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 2904 |ParentID: 2800)
    C:Program FilesCanonMyPrinterBJMYPRT.EXE (ID: 2912 |ParentID: 2000)
    C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 2984 |ParentID: 2000)
    C:UsersutilAppDataRoamingcacaowebcacaoweb.exe (ID: 2996 |ParentID: 2000)
    C:WindowsSystem32StikyNot.exe (ID: 3004 |ParentID: 2000)
    C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID: 3032 |ParentID: 2000)
    C:UsersutilAppDataRoamingDropboxbinDropbox.exe (ID: 2472 |ParentID: 2000)
    C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.EXE (ID: 1176 |ParentID: 2000)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 2840 |ParentID: 676)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID: 2620 |ParentID: 3020)
    C:Program Files (x86)SONYISB UtilityISBMgr.exe (ID: 2608 |ParentID: 3020)
    C:Program Files (x86)SONYPMBPMBVolumeWatcher.exe (ID: 2752 |ParentID: 3020)
    C:Program Files (x86)SONYMarketing ToolsMarketingTools.exe (ID: 2496 |ParentID: 3020)
    C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 2532 |ParentID: 3020)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 3012 |ParentID: 2956)
    C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe (ID: 3128 |ParentID: 676)
    C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe (ID: 3316 |ParentID: 3020)
    C:Program Files (x86)iTunesiTunesHelper.exe (ID: 3336 |ParentID: 3020)
    C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE (ID: 3492 |ParentID: 3020)
    C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe (ID: 3524 |ParentID: 3020)
    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID: 3604 |ParentID: 3020)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 4000 |ParentID: 3012)
    C:Program FilesSonyVAIO CareVCsystray.exe (ID: 3120 |ParentID: 1920)
    C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (ID: 2956 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 3816 |ParentID: 676)
    C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe (ID: 3156 |ParentID: 676)
    C:Program Files (x86)SONYVAIO Event ServiceVESMgr.exe (ID: 4104 |ParentID: 676)
    C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe (ID: 4156 |ParentID: 676)
    C:Windowssplwow64.exe (ID: 4260 |ParentID: 3492)
    C:Program FilesSonyVAIO Smart NetworkVSNService.exe (ID: 4328 |ParentID: 676)
    C:Program Files (x86)Common FilesSony SharedVAIO Entertainment PlatformVzCdbVzCdbSvc.exe (ID: 4392 |ParentID: 676)
    C:WindowsSystem32svchost.exe (ID: 4412 |ParentID: 676)
    C:Program FilesSonyVAIO Smart NetworkVSNClient.exe (ID: 4492 |ParentID: 4328)
    C:WindowsSysWOW64DllHost.exe (ID: 4836 |ParentID: 844)
    C:Program Files (x86)SONYVAIO Event ServiceVESMgrSub.exe (ID: 1828 |ParentID: 4104)
    C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 4060 |ParentID: 676)
    C:Program FilesiPodbiniPodService.exe (ID: 5108 |ParentID: 676)
    C:Program FilesSonyVAIO Power ManagementSPMService.exe (ID: 5172 |ParentID: 676)
    C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 5204 |ParentID: 676)
    C:Windowssystem32SearchIndexer.exe (ID: 5288 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 5536 |ParentID: 676)
    C:Windowssystem32svchost.exe (ID: 5764 |ParentID: 676)
    C:WindowsSystem32WUDFHost.exe (ID: 5812 |ParentID: 532)
    C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe (ID: 6000 |ParentID: 844)
    C:Windowssystem32wbemwmiprvse.exe (ID: 5328 |ParentID: 844)
    C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe (ID: 5760 |ParentID: 6000)
    C:WindowsSysWOW64DllHost.exe (ID: 5568 |ParentID: 844)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 1976 |ParentID: 676)
    C:WindowsSysWOW64DllHost.exe (ID: 7040 |ParentID: 844)
    C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 4888 |ParentID: 2000)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID: 5348 |ParentID: 676)
    C:Program FilesWindows Sidebarsidebar.exe (ID: 3748 |ParentID: 7080)
    C:WindowsservicingTrustedInstaller.exe (ID: 3772 |ParentID: 676)
    C:Windowssystem32SearchProtocolHost.exe (ID: 2892 |ParentID: 5288)
    C:Windowssystem32SearchFilterHost.exe (ID: 3476 |ParentID: 5288)
    C:UsbFixGo.exe (ID: 1712 |ParentID: 3068)
    C:Windowssystem32wbemwmiprvse.exe (ID: 6828 |ParentID: 844)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [ISBMgr.exe] – “C:Program Files (x86)SonyISB UtilityISBMgr.exe”
    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [NortonOnlineBackupReminder] – “C:Program Files (x86)SymantecNorton Online BackupActivationNobuActivation.exe” UNATTENDED
    04 – HKLMSOFTWARE | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    04 – HKLMSOFTWARE | Run : [MarketingTools] – C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    04 – HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [EEventManager] – C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ISBMgr.exe] – “C:Program Files (x86)SonyISB UtilityISBMgr.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWAREwow6432Node | Run : [NortonOnlineBackupReminder] – “C:Program Files (x86)SymantecNorton Online BackupActivationNobuActivation.exe” UNATTENDED
    04 – HKLMSOFTWAREwow6432Node | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [MarketingTools] – C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [EEventManager] – C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [ccleaner] – “C:Program FilesCCleanerCCleaner64.exe” /AUTO
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [EPSON SX510W Series] – C:Windowssystem32spoolDRIVERSx643E_IATIFIE.EXE /FU “C:WindowsTEMPE_S6FA3.tmp” /EF “HKCU”
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [Facebook Update] – “C:UsersutilAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [cacaoweb] – “C:UsersutilAppDataRoamingcacaowebcacaoweb.exe” -noplayer
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersutilAppDataLocalTempiTunesHelper.vbe”
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | Recherche générique |

    Présent! C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

    ################## | Référence de comparaison MD5 |

    Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
    Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

    ################## | Comparaison MD5 |

    Présent! Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

    ################## | Registre |

    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 0
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|ConsentPromptBehaviorAdmin -> 0
    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 1
    Présent! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 1
    Présent! HKUS-1-5-21-4171943823-1265886224-166694169-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Présent! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Présent! HKLMSoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8320

    Good evening. You need to run usbfix again, then click on "Suppression" (deletion), having first plugged in everything that connects to the USB ports.

  • Marion01
    Participant
    Number of posts: 2

    But won't that delete all the files on my USB stick?

  • Marion01
    Participant
    Number of posts: 2

    I did what you told me with my USB stick, because I had already backed it up on my computer. Here is the new report:

    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: util (Administrateur) # UTIL-VAIO
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 18:50:40 | 22/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Sony Corporation (VAIO)
    CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
    RAM -> [Total : 3950 | Free : 2333]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Google Chrome : 0.0.0.0
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AS: Windows Defender [Enabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 455 Go (76 Go libre(s) – 17%) [] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 54%) [MARION] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 2532 |ParentID: 3020)
    Stoppé! C:Windowsexplorer.exe (ID: 5508 |ParentID: 712)
    Stoppé! C:WindowsSystem32WUDFHost.exe (ID: 6636 |ParentID: 532)
    Stoppé! C:WindowsSystem32rundll32.exe (ID: 1912 |ParentID: 844)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 5252 |ParentID: 676)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5000 |ParentID: 676)
    Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID: 5740 |ParentID: 676)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 1636 |ParentID: 676)
    Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID: 3888 |ParentID: 676)
    Stoppé! C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID: 6548 |ParentID: 676)
    Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (ID: 2016 |ParentID: 5508)
    Stoppé! C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 5892 |ParentID: 844)
    Stoppé! C:UsersutilAppDataRoamingDropboxbinDropbox.exe (ID: 4380 |ParentID: 844)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 2152 |ParentID: 788)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWARE | Run : [ISBMgr.exe] – “C:Program Files (x86)SonyISB UtilityISBMgr.exe”
    04 – HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWARE | Run : [NortonOnlineBackupReminder] – “C:Program Files (x86)SymantecNorton Online BackupActivationNobuActivation.exe” UNATTENDED
    04 – HKLMSOFTWARE | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    04 – HKLMSOFTWARE | Run : [MarketingTools] – C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    04 – HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [EEventManager] – C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe
    04 – HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWARE | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWARE | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [IAStorIcon] – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [ISBMgr.exe] – “C:Program Files (x86)SonyISB UtilityISBMgr.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    04 – HKLMSOFTWAREwow6432Node | Run : [NortonOnlineBackupReminder] – “C:Program Files (x86)SymantecNorton Online BackupActivationNobuActivation.exe” UNATTENDED
    04 – HKLMSOFTWAREwow6432Node | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [MarketingTools] – C:Program Files (x86)SonyMarketing ToolsMarketingTools.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
    04 – HKLMSOFTWAREwow6432Node | Run : [EEventManager] – C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe
    04 – HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
    04 – HKLMSOFTWAREwow6432Node | Run : [CanonSolutionMenuEx] – C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE /logon
    04 – HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLMSOFTWAREwow6432Node | Run : [IJNetworkScannerSelectorEX] – C:Program Files (x86)CanonIJ Network Scanner Selector EXCNMNSST.exe /FORCE
    04 – HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKLMSOFTWAREwow6432Node | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [ccleaner] – “C:Program FilesCCleanerCCleaner64.exe” /AUTO
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [EPSON SX510W Series] – C:Windowssystem32spoolDRIVERSx643E_IATIFIE.EXE /FU “C:WindowsTEMPE_S6FA3.tmp” /EF “HKCU”
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [Facebook Update] – “C:UsersutilAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [Sidebar] – C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [cacaoweb] – “C:UsersutilAppDataRoamingcacaowebcacaoweb.exe” -noplayer
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [RESTART_STICKY_NOTES] – C:WindowsSystem32StikyNot.exe
    04 – HKUS-1-5-21-4171943823-1265886224-166694169-1000SOFTWARE | Run : [iTunesHelper] – wscript.exe //B “C:UsersutilAppDataLocalTempiTunesHelper.vbe”
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | Recherche générique |

    Supprimé! C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe
    Md5 : E0EB892AA2F6A759B68EB0F11F9B5A47 -> C:UsersutilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupiTunesHelper.vbe

    ################## | Comparaison MD5 |

    ################## | Registre |

    Réparé ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|EnableLUA -> 1
    Réparé ! HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|ConsentPromptBehaviorAdmin -> 5
    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktop -> 0
    Réparé ! HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer|NoActiveDesktopChanges -> 0
    Supprimé! HKUS-1-5-21-4171943823-1265886224-166694169-1000SoftwareMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Supprimé! HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionRun|iTunesHelper
    Supprimé! HKUS-1-5-21-4171943823-1265886224-166694169-1000Software….Mountpoints2{7a980a4f-d5c8-11df-86d4-c44619bb62e2}

    ################## | Listing |

    [11/10/2010 – 17:48:01 | SHD ] C:$Recycle.Bin
    [12/05/2012 – 00:16:00 | D ] C:9da37e14f75b731e18f1e2013591
    [26/03/2013 – 12:56:26 | N | 16528] C:AdwCleaner[R1].txt
    [26/03/2013 – 12:56:46 | N | 16900] C:AdwCleaner[S1].txt
    [20/11/2013 – 03:33:47 | SHD ] C:Config.Msi
    [20/05/2010 – 10:40:16 | D ] C:Documentation
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [22/11/2013 – 17:54:07 | ASH | 3106480128] C:hiberfil.sys
    [19/05/2010 – 22:10:37 | D ] C:Intel
    [20/05/2010 – 09:58:23 | N | 310122] C:lv.log
    [22/01/2011 – 09:27:29 | RHD ] C:MSOCache
    [22/11/2013 – 17:54:14 | ASH | 4141977600] C:pagefile.sys
    [14/07/2009 – 04:20:08 | D ] C:PerfLogs
    [20/09/2013 – 15:45:12 | D ] C:Program Files
    [16/11/2013 – 15:25:32 | D ] C:Program Files (x86)
    [04/11/2013 – 16:38:42 | HD ] C:ProgramData
    [20/05/2010 – 09:53:14 | N | 2895] C:RHDSetup.log
    [19/11/2012 – 13:50:58 | D ] C:SphinxIQ
    [20/05/2010 – 09:58:15 | D ] C:SPLASH.000
    [20/05/2010 – 09:58:15 | N | 73] C:splash.idx
    [20/05/2010 – 09:58:02 | D ] C:SPLASH.SYS
    [22/11/2013 – 17:59:20 | SHD ] C:System Volume Information
    [20/05/2010 – 10:30:43 | D ] C:Temp
    [08/01/2013 – 20:19:39 | N | 201977] C:test.xml
    [22/11/2013 – 18:52:08 | D ] C:UsbFix
    [22/11/2013 – 18:52:10 | A | 10546] C:UsbFix [Clean 1] UTIL-VAIO.txt
    [22/11/2013 – 18:12:37 | N | 15169] C:UsbFix [Scan 1] UTIL-VAIO.txt
    [11/10/2010 – 16:34:45 | RD ] C:Users
    [15/12/2009 – 10:53:48 | N | 3872] C:version
    [22/11/2013 – 18:00:22 | D ] C:Windows
    [29/03/2013 – 08:19:06 | N | 31482] C:xlstatsupport.txt
    [20/05/2010 – 10:40:16 | D ] C:_FS_SWRINFO
    [29/03/2012 – 12:02:54 | N | 141069] G:organi.jpg
    [11/05/2012 – 19:37:46 | N | 692107] G:FORMATION INITIATEURS.docx
    [17/10/2012 – 09:06:54 | D ] G:LOST.DIR
    [27/02/2012 – 14:23:46 | AH | 4096] G:._.Trashes
    [17/10/2012 – 09:07:00 | D ] G:DCIM
    [27/02/2012 – 14:23:46 | HD ] G:.Trashes
    [12/06/2012 – 18:12:28 | N | 28672] G:oral T.doc
    [27/02/2012 – 14:23:48 | HD ] G:.Spotlight-V100
    [07/10/2013 – 11:13:56 | N | 126632] G:ETUDE DE CAS.pptx
    [28/02/2012 – 08:43:40 | N | 1227023] G:Numériser0002.jpg
    [22/10/2012 – 13:05:00 | N | 67072] G:Enquête.doc
    [22/10/2013 – 12:34:30 | N | 12168] G:Cas SCAMI.xlsx
    [14/10/2013 – 10:25:00 | N | 277339] G:AFF CM.docx
    [05/06/2012 – 16:30:10 | N | 3747757] G:Rapport de stage TA.docx
    [22/11/2013 – 18:34:14 | RASHD ] G:Autorun.inf
    [09/03/2012 – 11:48:10 | N | 39632] G:Sté TUBES BRESTOISE Partie 1 -.xlsx
    [07/06/2012 – 14:59:32 | N | 9348] G:CV rapport.pdf
    [13/11/2012 – 22:18:42 | N | 16572] G:Revue de presse Les priorités du second mandat de Barack Obama.docx
    [14/11/2012 – 16:02:42 | N | 15124] G:plan powerpoint revue de presse.docx
    [16/11/2012 – 14:57:12 | N | 19532] G:Le conflit social.docx
    [16/11/2012 – 15:36:58 | N | 13504] G:Un conflit chez Copitol SA.docx
    [16/11/2012 – 16:27:18 | N | 17596] G:Un conflit chez Copitol td RH.docx
    [17/10/2012 – 09:06:54 | D ] G:.android_secure
    [17/10/2012 – 09:15:42 | D ] G:~wmtthumb
    [27/01/2013 – 14:18:22 | N | 32256] G:III LA HIERARCHIE.doc
    [20/02/2013 – 10:22:16 | N | 9598] G:HEURES SAINT PRIEST.xlsx
    [07/03/2013 – 16:34:40 | N | 144624] G:media.docx
    [22/02/2013 – 14:27:04 | N | 12629] G:Exo chap 5.xlsx
    [06/03/2013 – 16:21:12 | N | 138282] G:rapport DM.docx
    [06/04/2013 – 09:20:12 | N | 38912] G:Tableau de financement.doc
    [20/03/2013 – 10:17:48 | N | 1171883] G:Semi partiel Compta.pdf
    [26/03/2013 – 11:49:20 | N | 20439] G:lettre de recommandation.pdf
    [15/04/2013 – 13:46:20 | N | 825675] G:Ex_avr10.pdf
    [03/05/2013 – 09:32:36 | D ] G:Stage Faivre expert
    [26/03/2013 – 14:17:42 | D ] G:Dossier Adri
    [10/04/2013 – 08:30:44 | D ] G:Analyse de l’information comptable
    [26/03/2013 – 12:39:44 | D ] G:Analyse Info Comptable
    [31/05/2013 – 10:06:24 | D ] G:coalaclient
    [16/06/2013 – 17:40:54 | D ] G:adrien photos
    [04/11/2010 – 17:13:22 | D ] G:IUT
    [14/12/2010 – 16:44:06 | N | 16091] G:~WRL0190.tmp
    [12/01/2011 – 12:13:36 | D ] G:Adri

    ################## | Vaccin |

    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8320

    • Download MalwareBytes Anti-Malware
    • Install it. Uncheck "Enable free trial of Malwarebytes Anti-Malware PRO"
    • Launch Malwarebytes' Anti-Malware.
    • Click on the "Update" tab, then on "Check for Updates"
    • Click on the "Scanner" tab, check "Perform full scan", then click on Scan

    • At the end of the scan, if MBAM found nothing:
      • Click on OK; the report opens by itself
    • If threats were detected:
      • Click on OK, then "Show Results"
      • Choose the option "Remove Selected"
      • If MBAM asks to restart Windows: click on "Yes"
      • Once the PC has restarted, the report is in the "Logs" tab
      • Otherwise the report opens automatically after the removal
      • Post the report in your next reply

The topic ‘USB ports of the infected computer’ is closed to new replies.