Reply to: USB key virus 2016-09-08T13:01:58+00:00
jerome
Participant
Post count: 14

Thanks! I ran the deletion. Here is the report:
[spoiler:3cj71h0n]############################## | UsbFix V 7.129 | [Suppression]

Utilisateur: rodrigue (Administrateur) # RODRIGUE-PC
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 11:36:56 | 22/07/2013

Site Web: https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Dell Inc. (Inspiron 1370) (x64-based PC)
CPU: Genuine Intel(R) CPU U7300 @ 1.30GHz (1300)
RAM -> [Total : 4091 | Free : 1811]
BIOS: Ver 1.00 A01
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 59 Go (16 Go libre(s) – 26%) [OS] # NTFS
D: -> Disque fixe # 230 Go (225 Go libre(s) – 98%) [] # NTFS
E: -> CD-ROM
I: -> Disque amovible # 7 Go (7 Go libre(s) – 89%) [RGARCIA] # FAT32

################## | El Desaparecido Section |

HKLMSOFTWARE | Run : [PDVDDXSrv] – “C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe”
HKLMSOFTWARE | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
HKLMSOFTWAREwow6432Node | Run : [PDVDDXSrv] – “C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe”
HKLMSOFTWAREwow6432Node | Run : [avast5] – “C:Program FilesAlwil SoftwareAvast5avastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWAREwow6432Node | Run : [QuickTime Task] – “C:Program Files (x86)QuickTimeQTTask.exe” -atboottime
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-18SOFTWARE | RunOnce : [SPReview] – “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

################## | Processus Stoppés |

Stoppé! C:Windowssystem32nvvsvc.exe (844)
Stoppé! C:Program FilesDellDellDockDockLogin.exe (292)
Stoppé! C:Program FilesDellDell Wireless WLAN CardWLTRYSVC.EXE (1184)
Stoppé! C:Windowssystem32WLANExt.exe (1192)
Stoppé! C:Program FilesDellDell Wireless WLAN Cardbcmwltry.exe (1244)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (1264)
Stoppé! C:Windowssystem32nvvsvc.exe (1404)
Stoppé! C:WindowsSystem32spoolsv.exe (1652)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (1808)
Stoppé! C:Program FilesRealtekAudioHDAAERTSr64.exe (1840)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (1888)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (1992)
Stoppé! c:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (1448)
Stoppé! C:Windowssystem32dlcgcoms.exe (108)
Stoppé! C:WindowsMicrosoft.NETFramework64v3.0Windows Communication FoundationSMSvcHost.exe (2088)
Stoppé! C:Program Files (x86)Western DigitalWD Drive ManagerWDDriveService.exe (2460)
Stoppé! C:Program Files (x86)Western DigitalWD SmartWareWDRulesEngine.exe (2516)
Stoppé! C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe (2780)
Stoppé! C:Program Files (x86)Western DigitalWD SmartWareWDBackupEngine.exe (3036)
Stoppé! C:Windowssystem32taskhost.exe (4068)
Stoppé! C:Windowssystem32SearchIndexer.exe (3728)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (608)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (2804)
Stoppé! C:Program FilesSynapticsSynTPSynTPEnh.exe (1492)
Stoppé! C:Program FilesDellQuickSetquickset.exe (2152)
Stoppé! C:Program FilesDellDell Wireless WLAN CardWLTRAY.EXE (2856)
Stoppé! C:WindowsSystem32rundll32.exe (3380)
Stoppé! C:UsersrodrigueAppDataRoamingDropboxbinDropbox.exe (3792)
Stoppé! C:Program Files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe (1540)
Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (2216)
Stoppé! C:Program FilesSynapticsSynTPSynTPHelper.exe (2996)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (4840)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (5024)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (3740)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (3168)
Stoppé! C:Windowssystem32vssvc.exe (5916)
Stoppé! C:Windowssystem32wuauclt.exe (2432)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (3704)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (5232)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (3616)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (5540)
Stoppé! C:WindowsSystem32WUDFHost.exe (5100)
Stoppé! C:WindowsSysWOW64ctfmon.exe (3268)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (5748)
Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (5896)
Stoppé! C:Program Files (x86)GoogleChromeApplicationchrome.exe (5256)
Stoppé! C:Program Files (x86)Mozilla Firefoxfirefox.exe (3876)
Stoppé! C:Windowssystem32NOTEPAD.EXE (4480)
Stoppé! C:Program Files (x86)Mozilla Firefoxplugin-container.exe (7152)
Stoppé! C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_7_700_224.exe (6220)

################## | Éléments infectieux |

Supprimé! I:\THESE.lnk
Supprimé! I:\DIU coro.lnk
Supprimé! I:\BRS.lnk
Supprimé! I:\epicor.lnk
Supprimé! I:\Steinert.lnk
Supprimé! I:\StatView.lnk
Supprimé! I:\laminopathies.lnk
Supprimé! I:\Articles internes.lnk
Supprimé! I:\Livre Braunwald.lnk
Supprimé! I:\hollandts lucienne.lnk
Supprimé! I:\electrophysiologie GP.lnk
Supprimé! I:\Direction de la recherche.lnk
Supprimé! I:\autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU….ExplorerMountPoints2F
Supprimé! HKCU….ExplorerMountPoints2{66e36872-9ac5-11e1-a1d5-0026b9d6c102}
Supprimé! HKCU….ExplorerMountPoints2{e43fa7ff-79cd-11e1-9c93-0026b9d6c102}

################## | Listing |

[01/06/2010 – 20:17:42 | SHD ] C:$Recycle.Bin
[15/05/2013 – 07:38:47 | SHD ] C:Boot
[20/11/2010 – 14:40:07 | RASH | 383786] C:bootmgr
[24/12/2009 – 04:11:09 | N | 8192] C:BOOTSECT.BAK
[17/07/2013 – 09:29:19 | D ] C:Config.Msi
[01/06/2010 – 20:07:54 | D ] C:Dell
[21/05/2010 – 21:02:07 | N | 2556] C:dell.sdr
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[15/10/2011 – 20:40:46 | D ] C:found.000
[22/07/2013 – 09:28:10 | ASH | 3217268736] C:hiberfil.sys
[21/05/2010 – 23:48:10 | D ] C:inetpub
[21/05/2010 – 21:04:03 | RHD ] C:MSOCache
[22/07/2013 – 09:28:16 | ASH | 4289695744] C:pagefile.sys
[14/07/2013 – 23:38:33 | D ] C:Program Files
[14/07/2013 – 23:56:17 | D ] C:Program Files (x86)
[25/03/2013 – 23:23:01 | HD ] C:ProgramData
[01/06/2010 – 20:07:23 | SHD ] C:Recovery
[22/07/2013 – 11:38:39 | SHD ] C:System Volume Information
[22/07/2013 – 11:38:35 | D ] C:UsbFix
[22/07/2013 – 11:39:00 | A | 7991] C:UsbFix [Clean 1] RODRIGUE-PC.txt
[22/07/2013 – 09:54:03 | N | 7702] C:UsbFix [Scan 2] RODRIGUE-PC.txt
[06/06/2013 – 21:22:30 | D ] C:Users
[17/05/2013 – 19:34:57 | D ] C:Windows
[01/06/2010 – 20:17:42 | SHD ] D:$RECYCLE.BIN
[22/06/2012 – 17:43:06 | D ] D:2319cbbcaa9a376b3b2ce574
[05/02/2013 – 23:30:33 | D ] D:article
[12/07/2012 – 22:46:46 | D ] D:BACKUP
[23/11/2011 – 14:15:32 | N | 3674367] D:Cardiologie_masson.pdf
[20/03/2013 – 22:56:07 | D ] D:cours DIU rythmo
[01/01/2005 – 11:13:16 | N | 9985098] D:DIUcomplicationsDAI.pptx
[18/09/2011 – 23:26:51 | D ] D:f70516abd2cf2a47bae8a3e03ba344fd
[20/10/2012 – 20:22:57 | D ] D:images
[17/07/2012 – 22:08:59 | D ] D:Prism 5
[22/03/2013 – 00:13:20 | D ] D:rythmo
[27/10/2012 – 14:35:32 | D ] D:Steinert
[12/04/2013 – 19:36:32 | SHD ] D:System Volume Information
[10/11/2012 – 00:23:21 | D ] D:thèse
[08/03/2012 – 14:35:08 | N | 32464896] D:TV.ppt.ppt
[16/07/2010 – 23:25:12 | HD ] I:.Trashes
[29/11/2007 – 11:34:40 | HD ] I:System
[23/10/2007 – 09:45:40 | N | 1336632] I:LaunchU3.exe
[16/07/2010 – 23:25:12 | N | 4096] I:._.Trashes
[25/03/2013 – 22:08:54 | N | 2391336] I:DEHARO[1].pdf
[09/10/2011 – 16:58:28 | D ] I:THESE
[18/05/2013 – 17:03:04 | N | 22016] I:PM.doc
[01/11/2007 – 16:34:26 | N | 1699840] I:RestoreU3.exe
[16/07/2010 – 23:25:12 | D ] I:.Spotlight-V100
[20/06/2012 – 17:30:54 | N | 302534] I:diabète SUPER TOPO.pptx
[20/07/2013 – 20:55:42 | N | 33280] I:PLANNING REA.xls
[03/06/2013 – 21:30:26 | N | 5699584] I:Monsieur C.ppt
[17/07/2012 – 19:23:36 | N | 25134] I:Recommandation arbre_genealogique.pdf
[03/06/2013 – 18:02:28 | N | 29481024] I:Anesthesie.book.pdf
[12/07/2013 – 08:12:46 | D ] I:DIU coro
[21/07/2013 – 17:25:18 | D ] I:chrome
[17/02/2011 – 09:24:54 | N | 2107392] I:dip plateau.ppt
[12/05/2013 – 19:05:38 | N | 75746] I:ecmo.pdf
[31/07/2004 – 23:12:56 | N | 900030] I:kt98.pdf
[05/07/2012 – 12:20:02 | D ] I:Steinert
[15/11/2012 – 20:42:22 | D ] I:BRS
[21/12/2012 – 08:04:10 | D ] I:epicor
[07/06/2004 – 17:21:16 | N | 900030] I:kt droit.pdf
[02/07/2011 – 13:17:42 | N | 1005633] I:HAISSAGUERRE PARAHISSIAN.pdf
[21/06/2012 – 13:30:16 | N | 890368] I:PEC BPCO.ppt
[25/05/2011 – 16:53:30 | D ] I:StatView
[08/07/2013 – 19:23:14 | D ] I:laminopathies
[15/07/2011 – 12:41:28 | N | 3924410] I:Mariano.pdf
[13/02/2012 – 17:44:16 | N | 26083] I:Fiche_Contactez-nous.pdf
[10/12/2011 – 11:41:46 | D ] I:Articles internes
[13/12/2011 – 09:55:18 | N | 165] I:~$coronary revascularisation in diabetics patients.pptx
[28/07/2010 – 15:28:18 | N | 1012288] I:topo avk.pdf
[26/06/2013 – 10:26:18 | D ] I:.fseventsd
[15/05/2013 – 21:35:42 | D ] I:Livre Braunwald
[13/02/2012 – 11:36:40 | N | 2832619] I:referentiel.pdf
[14/07/2013 – 23:34:08 | N | 294219] I:schwartz 2013.pdf
[25/05/2013 – 10:47:16 | D ] I:hollandts lucienne
[26/04/2013 – 16:48:50 | N | 1692406] I:chanelopathies napolitano.pdf
[26/04/2013 – 16:57:08 | N | 550938] I:guidelines polymorphic VT.pdf
[20/09/2010 – 14:00:32 | N | 207065] I:PLAN DE PRESENTATION D’UN TRAVAIL DE RECHERCHE.pdf
[17/04/2013 – 10:23:30 | N | 3021741] I:laurent JACC 2012.pdf
[03/06/2013 – 21:16:56 | N | 1261568] I:rea mai sept 2013.xls
[14/09/2012 – 18:25:46 | N | 80331] I:rediger_article_scientifique.pdf
[14/09/2012 – 18:26:30 | N | 60969] I:CommentRediger.pdf
[12/06/2013 – 22:21:36 | N | 334350] I:icmje vancouver.pdf
[05/12/2012 – 19:40:52 | N | 826368] I:etude avc fa rodriguo.121205xls.xls
[09/10/2012 – 00:20:12 | D ] I:electrophysiologie GP
[29/05/2013 – 22:16:20 | D ] I:Direction de la recherche
[12/06/2013 – 22:23:18 | N | 229344] I:ConventionDeVancouver_2012.pdf
[29/05/2013 – 21:04:36 | N | 33904] I:CURRICULUM VITAE GARCIA rodrigue.pdf
[19/06/2013 – 22:50:48 | N | 4129140] I:rfe_sedation_analgesie_2010.pdf
[19/06/2013 – 22:54:10 | N | 262029] I:2007_conference_de_consensus_sedation_et_analgesie_en_reanimation_nouveau_ne_exclu.pdf
[21/07/2013 – 18:20:32 | N | 1574781] I:strain GE.pdf
[21/07/2013 – 18:23:08 | N | 1547349] I:GEHC-Brochure_Vivid-E9-4D-Cardiovascular-Ultrasound.pdf
[21/07/2013 – 18:23:46 | N | 2716717] I:GEHealthcare-Poster_Echocardiography-for-Heart-Failure.pdf
[21/07/2013 – 19:13:52 | N | 388868] I:assessment of left ventricular function.pdf
[21/07/2013 – 19:28:42 | N | 421843] I:schmidt Am J Cardiol 1999 Real-Time Three-Dimensional Echocardiography for measurement of left ventricular volumes.pdf
[20/11/2010 – 13:10:26 | N | 315971] I:Cardiopulmonary.pdf
[16/02/2011 – 21:29:50 | N | 797404] I:cathé cardiaque.pdf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net |[/spoiler:3cj71h0n]