Reply to: virus Recycler 2016-09-08T13:08:03+00:00
vincentgruas
Participant
Number of posts: 27

Here is the USBFIX report with deletion
[spoiler:2qzudxeq]
############################## | UsbFix V 7.143 | [Suppression]

Utilisateur: Client 1 (Administrateur) # BAC1
Mis à jour le 05/10/2013 par El Desaparecido – Team SosVirus
Lancé à 13:17:20 | 07/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Packard Bell (imedia S3840)
CPU: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
RAM -> [Total : 6126 | Free : 4343]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 454 Go (393 Go libre(s) – 87%) [Packard Bell] # NTFS
D: -> Disque fixe # 454 Go (454 Go libre(s) – 100%) [DATA] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) – 100%) [CLE CD] # FAT32
H: -> Disque amovible # 8 Go (6 Go libre(s) – 74%) [] # FAT32
I: -> Disque amovible # 242 Mo (242 Mo libre(s) – 100%) [TRAVELDRIVE] # FAT32

################## | Regedit Run |

HKLMSOFTWARE | Run : [Hotkey Utility] – C:Program Files (x86)Packard BellHotkey UtilityHotkeyUtility.exe
HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [Hotkey Utility] – C:Program Files (x86)Packard BellHotkey UtilityHotkeyUtility.exe
HKLMSOFTWAREwow6432Node | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWAREwow6432Node | Run : [Adobe Reader Speed Launcher] – “C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-474160798-1772334645-1997979657-1000SOFTWARE | Run : [DexStarter_CX700_V1] – “C:UsersClient 1AppDataRoamingColor_Server_Client_ToolsPrinterDriverCX700_V1DexRunner.bat”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Processus Stoppés |

Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1244 |ParentID 636)
Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 4124 |ParentID 4716)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 4484 |ParentID 392)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2348 |ParentID 636)
Stoppé! C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 568 |ParentID 636)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 3184 |ParentID 2348)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 5112 |ParentID 636)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 3104 |ParentID 636)
Stoppé! C:Windowssystem32DllHost.exe (ID 2968 |ParentID 804)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1648 |ParentID 636)
Stoppé! C:Windowssystem32SearchProtocolHost.exe (ID 1696 |ParentID 3104)
Stoppé! C:Windowssystem32SearchFilterHost.exe (ID 3736 |ParentID 3104)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[28/01/2012 – 15:43:13 | SHD ] C:$Recycle.Bin
[07/10/2013 – 13:16:21 | RASHD ] C:Autorun.inf
[15/10/2011 – 01:13:52 | D ] C:book
[11/07/2011 – 12:57:37 | RASH | 8192] C:BOOTSECT.BAK
[14/07/2009 – 07:08:56 | SHD ] C:Documents and Settings
[27/01/2012 – 13:57:58 | D ] C:drivers imp
[07/10/2013 – 09:30:18 | ASH | 4817694720] C:hiberfil.sys
[11/07/2011 – 12:17:20 | D ] C:Intel
[02/12/2006 – 08:37:14 | N | 904704] C:msdia80.dll
[06/02/2013 – 09:42:04 | RHD ] C:MSOCache
[26/01/2012 – 11:11:16 | D ] C:OEM
[07/10/2013 – 09:30:21 | ASH | 6423597056] C:pagefile.sys
[14/07/2009 – 05:20:08 | HD ] C:PerfLogs
[07/10/2013 – 13:05:39 | N | 512] C:PhysicalDisk0_MBR.bin
[13/03/2013 – 20:19:21 | D ] C:Program Files
[07/10/2013 – 13:04:02 | D ] C:Program Files (x86)
[10/09/2012 – 11:41:43 | HD ] C:ProgramData
[26/01/2012 – 11:09:51 | SHD ] C:Recovery
[01/10/2013 – 09:11:08 | SHD ] C:System Volume Information
[07/10/2013 – 13:19:22 | D ] C:UsbFix
[07/10/2013 – 13:01:13 | N | 10525] C:UsbFix [Clean 1] BAC1.txt
[07/10/2013 – 13:16:22 | N | 7846] C:UsbFix [Clean 2] BAC1.txt
[07/10/2013 – 13:19:35 | A | 5365] C:UsbFix [Clean 3] BAC1.txt
[07/10/2013 – 11:41:16 | N | 8152] C:UsbFix [Scan 2] BAC1.txt
[07/10/2013 – 13:04:16 | RD ] C:Users
[26/09/2013 – 11:39:22 | D ] C:Windows
[05/06/2013 – 14:19:18 | D ] C:_rpcs
[28/01/2012 – 15:43:13 | SHD ] D:$RECYCLE.BIN
[07/10/2013 – 13:16:21 | RASHD ] D:Autorun.inf
[27/03/2012 – 08:41:28 | SHD ] D:System Volume Information
[20/01/2012 – 14:15:18 | SH | 4096] F:._.Trashes
[20/06/2013 – 12:39:06 | N | 56054] F:J.pdf
[20/01/2012 – 14:15:18 | SHD ] F:.Trashes
[20/06/2013 – 12:31:00 | N | 97993] F:CVp.pdf
[20/01/2012 – 14:15:18 | SHD ] F:.Spotlight-V100
[20/01/2012 – 14:35:16 | SHD ] F:.TemporaryItems
[20/01/2012 – 14:35:16 | SH | 4096] F:._.TemporaryItems
[20/06/2013 – 11:43:04 | N | 73746] F:Enseignements suivis en psychologie clinique et psychopathologie.pdf
[20/06/2013 – 12:24:06 | N | 85892] F:Résumé du Mémoire de M1 Psychologie Clinique et de la Santé.pdf
[20/06/2013 – 12:12:58 | N | 213992] F:lettremotivM2.pdf
[20/06/2013 – 11:09:52 | N | 190702] F:Détail des notes de Licence 3 Psychologie.pdf
[07/10/2013 – 13:16:24 | RASHD ] F:Autorun.inf
[28/01/2013 – 16:50:16 | N | 4096] F:._Université_de_Lorraine_-_logo.jpg
[18/03/2010 – 20:55:44 | D ] H:FOUND.000
[28/01/2012 – 00:01:18 | N | 867912] H:PIECE IDENTITE 001.jpg
[10/01/2013 – 02:15:24 | N | 1730334] H:TECHNIQUES D.pdf
[11/02/2013 – 11:54:38 | D ] H:FOUND.001
[11/02/2013 – 11:54:50 | N | 2554] H:BOOTEX.LOG
[07/10/2013 – 13:16:24 | RASHD ] H:Autorun.inf
[10/01/2013 – 02:11:10 | D ] H:Nouveau dossier
[28/05/2012 – 21:51:40 | N | 12148] H:Aurore Suss CV.docx
[10/12/2012 – 17:52:10 | N | 52987] H:Projet de stage L3 info com UDLor (4).pdf
[09/02/2013 – 18:50:00 | D ] H:appartement amneville
[11/02/2013 – 11:02:48 | N | 110659] H:L3IC_Dossiers_2013.pdf
[11/02/2013 – 11:05:14 | N | 25600] H:Grille danalyse.doc
[11/02/2013 – 11:05:34 | N | 326240] H:GuideErgonomique.pdf
[07/10/2013 – 13:16:24 | RASHD ] I:Autorun.inf

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
I:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
[/spoiler:2qzudxeq]