Reply to: USB key and probably PC infected by sergelelama.vbs 2016-09-08T13:23:07+00:00
levenez
Number of posts: 0

The removal report:
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: laetitia (Administrateur) # PC-DE-LAETITIA
Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
Lancé à 16:11:46 | 03/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Hewlett-Packard (30D9)
CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
RAM -> [Total : 2037 | Free : 1115]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 142 Go (20 Go libre(s) – 14%) [] # NTFS
D: -> Disque fixe # 7 Go (2 Go libre(s) – 34%) [PRESARIO_RP] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (884 Mo libre(s) – 23%) [] # FAT32
G: -> CD-ROM

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID: 976 |ParentID: 648)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 2624 |ParentID: 648)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2640 |ParentID: 1204)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 3388 |ParentID: 648)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 3368 |ParentID: 1204)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1332 |ParentID: 648)
Stoppé! C:\Windows\system32\SLsvc.exe (ID: 2444 |ParentID: 648)
Stoppé! C:\Windows\Explorer.exe (ID: 3384 |ParentID: 3532)
Stoppé! C:\Program Files\PDF Architect\ConversionService.exe (ID: 228 |ParentID: 648)
Stoppé! c:\Program Files\Microsoft Security Client\NisSrv.exe (ID: 3468 |ParentID: 648)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 3292 |ParentID: 2624)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 960 |ParentID: 2624)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3588 |ParentID: 1188)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [WAWifiMessage] - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
04 - HKLM\SOFTWARE | Run : [hpWirelessAssistant] - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\SOFTWARE | Run : [EEventManager] - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
04 - HKLM\SOFTWARE | Run : [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_S9394.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [EPSON Stylus SX400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_SEA6F.tmp" /EF "HKCU"
04 - HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\SOFTWARE | Run : [cacaoweb] - "C:\Users\laetitia\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

################## | Recherche générique |

Supprimé! C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe
Supprimé! F:\RunClubSanDisk.exe
Supprimé! F:\RunClubSanDisk.lnk
Supprimé! F:\RunSanDiskSecureAccess_Win.lnk
Supprimé! F:\BOOTEX.lnk
Supprimé! F:\WD_Discovery_v1.lnk
Supprimé! F:\~$Classeur1.lnk
Supprimé! F:\~$stat2.lnk
Supprimé! F:\.lnk
Supprimé! F:\club_application.lnk
Supprimé! F:\SanDiskSecureAccess.lnk
Supprimé! F:\Master 1 Ecologie.lnk
Supprimé! F:\Jean.lnk
Supprimé! F:\CCF STATS.lnk
Supprimé! D:\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : E16DE25D632BAFCECFEE5597113CFED9 -> C:\Users\laetitia\AppData\Roaming\PowerPacket Utility.exe

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 0
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\G
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{28ee8b0d-ad85-11dd-8b61-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{49ca44c8-01a3-11dd-be90-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{762810da-0e63-11e2-a24b-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{8c8336a2-3d93-11df-a9ff-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{a7f50ffe-8c5c-11de-a56f-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{b05f7045-7cc5-11dd-92b3-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{bca0e602-170b-11df-b5b2-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{c988db73-f4d4-11e0-80a3-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{ce813615-0343-11de-af19-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{dceeeb88-3651-11df-902b-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{df6eada8-2a51-11dd-bc40-001b387f39e7}
Supprimé! HKU\S-1-5-21-2231712444-2337188415-3891921931-1000\Software\....\Mountpoints2\{e1dffb4f-1bca-11df-b0b2-806e6f6e6963}

################## | Listing |

[13/12/2007 - 14:28:23 | SHD ] C:\$RECYCLE.BIN
[02/07/2011 - 17:32:30 | D ] C:\a4c97ecc351d9eb73bcfcb3f56
[27/09/2009 - 16:10:37 | D ] C:\Adobe Illustrator 10
[05/07/2007 - 07:55:46 | N | 74] C:\autoexec.bat
[13/12/2007 - 19:53:22 | D ] C:\Boonty
[27/10/2011 - 15:20:20 | SHD ] C:\boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[13/12/2007 - 14:00:21 | SHD ] C:\Documents and Settings
[14/12/2007 - 19:02:07 | D ] C:\Drivers
[11/12/2009 - 14:56:02 | D ] C:\ef3f69a662e4adf93bec32c1d413a505
[12/11/2012 - 21:25:19 | D ] C:\found.000
[12/11/2012 - 21:25:19 | D ] C:\found.001
[03/12/2013 - 13:46:24 | ASH | 2137022464] C:\hiberfil.sys
[05/07/2007 - 08:15:15 | D ] C:\HP
[02/03/2008 - 20:16:28 | D ] C:\Intel
[24/02/2011 - 10:30:18 | N | 0] C:\IO.SYS
[24/02/2011 - 10:30:18 | N | 0] C:\MSDOS.SYS
[28/01/2010 - 12:07:16 | RHD ] C:\MSOCache
[03/12/2013 - 13:46:20 | ASH | 2450817024] C:\pagefile.sys
[20/09/2008 - 14:01:10 | D ] C:\PerfLogs
[16/11/2013 - 12:07:59 | D ] C:\Program Files
[01/12/2013 - 16:21:16 | HD ] C:\ProgramData
[26/07/2011 - 20:53:55 | SHD ] C:\RECYCLER
[13/12/2007 - 15:29:45 | D ] C:\Securitoo
[13/12/2007 - 15:47:07 | N | 91] C:\Setup.log
[13/12/2007 - 14:27:53 | D ] C:\SwSetup
[02/12/2013 - 18:55:52 | SHD ] C:\System Volume Information
[13/12/2007 - 14:27:53 | D ] C:\System.sav
[13/11/2013 - 16:43:20 | N | 0] C:\teacd.tmp
[22/11/2009 - 22:43:10 | N | 909] C:\updatedatfix.log
[03/12/2013 - 16:18:14 | D ] C:\UsbFix
[03/12/2013 - 16:18:24 | A | 9355] C:\UsbFix [Clean 1] PC-DE-LAETITIA.txt
[01/12/2013 - 16:40:48 | N | 10087] C:\UsbFix [Scan 1] PC-DE-LAETITIA.txt
[01/12/2013 - 17:16:40 | N | 8303] C:\UsbFix [Scan 2] PC-DE-LAETITIA.txt
[03/12/2013 - 15:02:05 | N | 9129] C:\UsbFix [Scan 3] PC-DE-LAETITIA.txt
[03/12/2013 - 15:15:37 | N | 7673] C:\UsbFix [Scan 4] PC-DE-LAETITIA.txt
[13/12/2007 - 14:04:30 | RD ] C:\Users
[01/12/2013 - 17:20:46 | D ] C:\Windows
[13/12/2007 - 14:28:23 | SHD ] D:\$RECYCLE.BIN
[11/09/2005 - 16:18:54 | N | 340] D:\AUTOMODE
[13/12/2007 - 14:25:54 | N | 13] D:\BLOCK.RIN
[14/02/2008 - 00:29:04 | SHD ] D:\boot
[04/10/2006 - 00:02:44 | SH | 438328] D:\bootmgr
[10/09/2002 - 17:14:28 | N | 8134] D:\Folder.htt
[20/09/2007 - 18:12:27 | D ] D:\HP
[20/09/2007 - 16:33:17 | N | 710] D:\MASTER.LOG
[20/09/2007 - 18:12:27 | SHD ] D:\preload
[29/01/2007 - 16:56:20 | SH | 109060] D:\protect.ed
[20/09/2007 - 18:12:27 | RD ] D:\RECOVERY
[26/07/2011 - 20:53:55 | SHD ] D:\RECYCLER
[20/09/2007 - 18:12:27 | SHD ] D:\SOURCES
[20/09/2007 - 18:12:27 | SHD ] D:\System Volume Information
[20/09/2007 - 18:12:27 | D ] D:\Tools
[20/09/2007 - 18:12:27 | D ] D:\WINDOWS
[10/11/2010 - 18:16:42 | N | 31095432] F:\RunSanDiskSecureAccess_Win.exe
[22/11/2010 - 14:16:10 | D ] F:\club_application
[22/11/2010 - 14:16:14 | D ] F:\SanDiskSecureAccess
[07/12/2011 - 17:02:46 | N | 1624] F:\BOOTEX.LOG
[27/04/2011 - 15:23:34 | N | 4666284] F:\WD_Discovery_v1.80_(1035.003)_With_Installer1_3.zip
[11/09/2013 - 21:19:20 | D ] F:\Master 1 Ecologie
[19/09/2013 - 17:32:32 | N | 165] F:\~$Classeur1.xlsx
[20/09/2013 - 15:04:40 | N | 165] F:\~$stat2.xlsx
[05/10/2013 - 14:07:40 | D ] F:\Jean
[07/10/2013 - 20:21:30 | D ] F:\CCF STATS
[28/11/2013 - 09:27:54 | N | 387] F:\.dbf
[28/11/2013 - 09:27:54 | N | 1024] F:\.FPT
[01/12/2013 - 16:23:32 | D ] F:\My Vaults
[01/12/2013 - 16:42:16 | RASHD ] F:\Autorun.inf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |