Reply to: VBS Houdini 2016-09-08T13:08:10+00:00
CERA
Participant
Post count: 15

First of all, many thanks for such a quick reply!!!
I am impressed AND relieved!

I am attaching the report obtained on my son's laptop.
Suspense… (for me)

Claude
[spoiler:6gzt940q]############################## | UsbFix V 7.143 | [Recherche]

Utilisateur: utilisateur (Administrateur) # IA38-H-0019
Mis à jour le 05/10/2013 par El Desaparecido – Team SosVirus
Lancé à 19:10:41 | 07/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (0JGC48)
CPU: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
RAM -> [Total : 1948 | Free : 844]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 93 Go (60 Go libre(s) – 64%) [] # NTFS
D: -> Disque fixe # 137 Go (137 Go libre(s) – 100%) [Données] # NTFS
E: -> CD-ROM

################## | Processus Actif |

C:Windowssystem32csrss.exe (ID 456 |ParentID 448)
C:Windowssystem32wininit.exe (ID 564 |ParentID 448)
C:Windowssystem32csrss.exe (ID 572 |ParentID 556)
C:Windowssystem32services.exe (ID 612 |ParentID 564)
C:Windowssystem32lsass.exe (ID 640 |ParentID 564)
C:Windowssystem32lsm.exe (ID 648 |ParentID 564)
C:Windowssystem32winlogon.exe (ID 700 |ParentID 556)
C:Windowssystem32svchost.exe (ID 788 |ParentID 612)
C:Windowssystem32nvvsvc.exe (ID 864 |ParentID 612)
C:Windowssystem32svchost.exe (ID 904 |ParentID 612)
C:WindowsSystem32svchost.exe (ID 1000 |ParentID 612)
C:WindowsSystem32svchost.exe (ID 1048 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1084 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1108 |ParentID 612)
C:Program FilesIDTWDMSTacSV.exe (ID 1156 |ParentID 612)
C:Windowssystem32vcsFPService.exe (ID 1532 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1592 |ParentID 612)
C:Program FilesDellDW WLAN CardWLTRYSVC.EXE (ID 1696 |ParentID 612)
C:Windowssystem32WLANExt.exe (ID 1704 |ParentID 1048)
C:Windowssystem32conhost.exe (ID 1728 |ParentID 456)
C:Program FilesDellDW WLAN Cardbcmwltry.exe (ID 1760 |ParentID 1696)
C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID 1768 |ParentID 612)
C:WindowsSystem32spoolsv.exe (ID 1924 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1980 |ParentID 612)
C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID 476 |ParentID 612)
C:Program FilesIDTWDMaestsrv.exe (ID 448 |ParentID 612)
C:Program FilesDell WirelessAth_CoexAgent.exe (ID 556 |ParentID 612)
C:Program FilesDell WirelessBluetooth Suiteadminservice.exe (ID 644 |ParentID 612)
C:Program FilesIntelBluetoothdevmonsrv.exe (ID 1528 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1664 |ParentID 612)
C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe (ID 1872 |ParentID 612)
C:Program FilesIntelWiFibinEvtEng.exe (ID 1944 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1884 |ParentID 612)
C:Program FilesRIFT TechnologiesInstallClick Connectorinstallclick.exe (ID 2088 |ParentID 612)
C:Program FilesOCS Inventory Agentocsservice.exe (ID 2120 |ParentID 612)
C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe (ID 2316 |ParentID 612)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 2396 |ParentID 612)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 2464 |ParentID 2396)
C:Windowssystem32wbemunsecapp.exe (ID 2580 |ParentID 788)
C:Windowssystem32wbemwmiprvse.exe (ID 2688 |ParentID 788)
C:Program FilesDellDell WWANWMCoremini_WMCore.exe (ID 2720 |ParentID 612)
C:Program FilesIntelBluetoothobexsrv.exe (ID 2748 |ParentID 612)
C:Windowssystem32svchost.exe (ID 4092 |ParentID 612)
C:Program FilesRIFT TechnologiesInstallClick Connectorinstallclick-connector.exe (ID 3520 |ParentID 2088)
C:Windowssystem32conhost.exe (ID 3528 |ParentID 456)
C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 3408 |ParentID 612)
C:WindowsSystem32svchost.exe (ID 1396 |ParentID 612)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID 3300 |ParentID 612)
C:Windowssystem32SearchIndexer.exe (ID 3604 |ParentID 612)
C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (ID 3972 |ParentID 612)
C:Windowssystem32taskhost.exe (ID 2888 |ParentID 612)
C:Windowssystem32Dwm.exe (ID 1824 |ParentID 1048)
C:WindowsExplorer.EXE (ID 3484 |ParentID 2484)
C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe (ID 1812 |ParentID 3484)
C:Program FilesDellDW WLAN CardWLTRAY.EXE (ID 4072 |ParentID 3484)
C:Program FilesDellQuickSetquickset.exe (ID 3216 |ParentID 3484)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 3264 |ParentID 3484)
C:Program FilesRenesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe (ID 636 |ParentID 3484)
C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe (ID 4160 |ParentID 3484)
C:WindowsSystem32igfxtray.exe (ID 4168 |ParentID 3484)
C:WindowsSystem32hkcmd.exe (ID 4176 |ParentID 3484)
C:WindowsSystem32igfxpers.exe (ID 4212 |ParentID 3484)
C:Program FilesSTMicroelectronicsAccelerometerP11FF_Protection.exe (ID 4312 |ParentID 3484)
C:WindowsSystem32rundll32.exe (ID 4320 |ParentID 3484)
C:Program FilesDellTPadApoint.exe (ID 4428 |ParentID 3484)
C:Program FilesDell WirelessBluetooth SuiteBtvStack.exe (ID 4476 |ParentID 3484)
C:Program FilesDell WirelessBluetooth SuiteAthBtTray.exe (ID 4512 |ParentID 3484)
C:Program FilesDellTPadApMsgFwd.exe (ID 4552 |ParentID 4428)
C:Program FilesIDTWDMsttray.exe (ID 4604 |ParentID 3484)
C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID 4692 |ParentID 3484)
C:Windowssystem32wbemunsecapp.exe (ID 4724 |ParentID 788)
C:Program FilesDellTPadApntex.exe (ID 4764 |ParentID 4716)
C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID 4816 |ParentID 3484)
C:Windowssystem32conhost.exe (ID 4836 |ParentID 572)
C:Program FilesIntelBluetoothmediasrv.exe (ID 5008 |ParentID 612)
C:Program FilesDellTPadHidFind.exe (ID 5020 |ParentID 4428)
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe (ID 5248 |ParentID 3484)
C:Program FilesMicrosoft OfficeOffice14ONENOTEM.EXE (ID 5272 |ParentID 3484)
C:WindowsSystem32svchost.exe (ID 5612 |ParentID 612)
C:Program FilesOpenOffice.org 3programsoffice.exe (ID 5628 |ParentID 5312)
C:Program FilesOpenOffice.org 3programsoffice.bin (ID 5780 |ParentID 5628)
C:Program FilesIntelBluetoothBTPlayerCtrl.exe (ID 4688 |ParentID 788)
C:Windowssystem32DllHost.exe (ID 5408 |ParentID 788)
C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe (ID 5124 |ParentID 788)
C:Program FilesMicrosoftBingBar7.3.107.0SeaPort.exe (ID 1220 |ParentID 612)
C:Windowssystem32svchost.exe (ID 1952 |ParentID 612)
C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID 1932 |ParentID 612)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 5188 |ParentID 3484)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 1620 |ParentID 5188)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 4600 |ParentID 5188)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 3296 |ParentID 5188)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 5912 |ParentID 5188)
C:UsersutilisateurAppDataLocalGoogleChromeApplicationchrome.exe (ID 2356 |ParentID 5188)
C:UsbFixGo.exe (ID 4664 |ParentID 6072)
C:Windowssystem32wbemwmiprvse.exe (ID 680 |ParentID 788)

################## | Regedit Run |

HKLMSOFTWARE | Run : [IAStorIcon] – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorIcon.exe
HKLMSOFTWARE | Run : [Broadcom Wireless Manager UI] – C:Program FilesDellDW WLAN CardWLTRAY.exe
HKLMSOFTWARE | Run : [NvCplDaemon] – RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
HKLMSOFTWARE | Run : [QuickSet] – C:Program FilesDellQuickSetQuickSet.exe
HKLMSOFTWARE | Run : [ChangeTPMAuth] – C:Program FilesWave Systems CorpCommonChangeTPMAuth.exe /T:NTRU12
HKLMSOFTWARE | Run : [SynTPEnh] – %ProgramFiles%SynapticsSynTPSynTPEnh.exe
HKLMSOFTWARE | Run : [NUSB3MON] – “C:Program FilesRenesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe”
HKLMSOFTWARE | Run : [IntelWireless] – “C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe” /tf Intel Wireless Tray
HKLMSOFTWARE | Run : [IgfxTray] – C:Windowssystem32igfxtray.exe
HKLMSOFTWARE | Run : [HotKeysCmds] – C:Windowssystem32hkcmd.exe
HKLMSOFTWARE | Run : [Persistence] – C:Windowssystem32igfxpers.exe
HKLMSOFTWARE | Run : [FreeFallProtection] – C:Program FilesSTMicroelectronicsAccelerometerP11FF_Protection.exe
HKLMSOFTWARE | Run : [BTMTrayAgent] – rundll32.exe “C:Program FilesIntelBluetoothbtmshell.dll”,TrayApp
HKLMSOFTWARE | Run : [Apoint] – C:Program FilesDellTPadApoint.exe
HKLMSOFTWARE | Run : [AtherosBtStack] – “C:Program FilesDell WirelessBluetooth SuiteBtvStack.exe”
HKLMSOFTWARE | Run : [AthBtTray] – “C:Program FilesDell WirelessBluetooth SuiteAthBtTray.exe”
HKLMSOFTWARE | Run : [SysTrayApp] – C:Program FilesIDTWDMsttray.exe
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | RunOnce : [aswAhAScr.dll] – “C:Program FilesAVAST SoftwareAvastaswRegSvr.exe” “C:Program FilesAVAST SoftwareAvastAhAScr.dll”
HKLMSOFTWARE | RunOnce : [aswasOutExt.dll] – “C:Program FilesAVAST SoftwareAvastaswRegSvr.exe” “C:Program FilesAVAST SoftwareAvastasOutExt.dll”
HKLMSOFTWARE | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-3946936852-392871798-2170440508-1001SOFTWARE | Run : [Google Update] – “C:UsersutilisateurAppDataLocalGoogleUpdateGoogleUpdate.exe” /c
HKUS-1-5-21-3946936852-392871798-2170440508-1001SOFTWARE | Run : [msnmsgr] – “C:Program FilesWindows LiveMessengermsnmsgr.exe” /background
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

################## | Éléments infectieux |

Présent! C:UsersUTILIS~1AppDataLocalTemp84680-661351-sweet-home-3d.exe
Présent! C:UsersUTILIS~1AppDataLocalTempOB.exe

################## | Registre |

HKCU….ExplorerMountPoints2{247ed3cf-2cad-11e2-bf50-4c80930c4003}
ShellAutoRunCommand = F:LaunchU3.exe -a

HKCU….ExplorerMountPoints2{ef1c23db-7a97-11e0-9867-806e6f6e6963}
ShellAutoRunCommand = D:autoRcd.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |[/spoiler:6gzt940q]