Reply to: Virus on USB key (files turned into shortcuts) 2016-09-08T13:09:04+00:00
c0us
Participant
Number of posts: 4

here is the report:


############################## | UsbFix V 7.144 | [Deletion]

User: G & D (Administrator) # PC-DE-GUILLAUME
Updated on 08/10/2013 by El Desaparecido – Team SosVirus
Started at 16:25:02 | 13/10/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Packard Bell (SJV50MV )
CPU: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
RAM -> [Total : 3066 | Free : 1687]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 7.0.6001.18000

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Avira Desktop [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 456 GB (178 GB free – 39%) [OS] # NTFS
D: -> CD-ROM
E: -> Removable disk # 7 GB (7 GB free – 97%) [STORE N GO] # FAT32
F: -> Removable disk # 30 GB (29 GB free – 96%) [Transcend] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Windows Defender] – %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [cAudioFilterAgent] – C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] – RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] – RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [Camera Assistant Software] – "C:\Program Files\Video Web Camera\traybar.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [LManager] – C:\Program Files\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [BackupManagerTray] – "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
HKLM\SOFTWARE | Run : [RemoteControl8] – "c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
HKLM\SOFTWARE | Run : [PDVD8LanguageShortcut] – "c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
HKLM\SOFTWARE | Run : [Acer ePower Management] – C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
HKLM\SOFTWARE | Run : [QuickTime Task] – "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] – "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [Windows Mobile-based device management] – %windir%\WindowsMobile\wmdSync.exe
HKLM\SOFTWARE | Run : [NPSStartup] –
HKLM\SOFTWARE | Run : [EEventManager] – "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [NBKeyScan] – "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | RunOnce : [] –
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] – %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] – rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [SmpcSys] – C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [msnmsgr] – "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [Sidebar] – C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [Connexion SFR 9props.exe] – "C:\Program Files\SFR\Kit\9props.exe" /trayicon
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] – "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [Skype] – "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [bEWm2wMR] – wscript.exe //B "C:\Users\G&D~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\SOFTWARE | Run : [Intel(R)TCP] – C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (ID 884 |ParentID 672)
Stopped! C:\Windows\system32\SLsvc.exe (ID 1152 |ParentID 672)
Stopped! C:\Windows\system32\rundll32.exe (ID 1576 |ParentID 884)
Stopped! C:\Windows\System32\spoolsv.exe (ID 1812 |ParentID 672)
Stopped! C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID 1864 |ParentID 672)
Stopped! C:\Windows\system32\taskeng.exe (ID 1924 |ParentID 1048)
Stopped! C:\Windows\system32\taskeng.exe (ID 2032 |ParentID 1048)
Stopped! C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (ID 1316 |ParentID 672)
Stopped! C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ID 2076 |ParentID 672)
Stopped! C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (ID 2132 |ParentID 672)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2168 |ParentID 672)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID 2192 |ParentID 672)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (ID 2232 |ParentID 672)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (ID 2260 |ParentID 672)
Stopped! C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (ID 2360 |ParentID 672)
Stopped! C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (ID 2536 |ParentID 672)
Stopped! C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe (ID 2652 |ParentID 672)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID 2820 |ParentID 672)
Stopped! C:\Windows\system32\WUDFHost.exe (ID 3016 |ParentID 1032)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID 3336 |ParentID 2192)
Stopped! C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (ID 3664 |ParentID 1984)
Stopped! C:\Windows\System32\rundll32.exe (ID 3700 |ParentID 1984)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 3812 |ParentID 1984)
Stopped! C:\Program Files\Launch Manager\LManager.exe (ID 1888 |ParentID 1984)
Stopped! C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (ID 1740 |ParentID 1984)
Stopped! C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (ID 2816 |ParentID 1984)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (ID 1116 |ParentID 1984)
Stopped! C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (ID 908 |ParentID 992)
Stopped! C:\Windows\WindowsMobile\wmdSync.exe (ID 996 |ParentID 1984)
Stopped! C:\Program Files\Epson Software\Event Manager\EEventManager.exe (ID 1536 |ParentID 1984)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 2060 |ParentID 1984)
Stopped! C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID 1896 |ParentID 1984)
Stopped! C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (ID 3104 |ParentID 1984)
Stopped! C:\Program Files\SFR\Kit\9props.exe (ID 3408 |ParentID 1984)
Stopped! C:\Windows\System32\wscript.exe (ID 3584 |ParentID 1984)
Stopped! C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (ID 3072 |ParentID 2360)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID 992 |ParentID 2820)
Stopped! C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe (ID 4640 |ParentID 248)
Stopped! C:\Users\Public\Intel(TM)SD.exe (ID 5300 |ParentID 1680)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (ID 5468 |ParentID 672)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 5984 |ParentID 3812)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (ID 4788 |ParentID 1984)
Stopped! C:\Windows\system32\wuauclt.exe (ID 5864 |ParentID 1048)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (ID 5140 |ParentID 4788)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 5292 |ParentID 5140)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 5788 |ParentID 5292)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID 1644 |ParentID 2820)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 6072 |ParentID 1048)

################## | Infectious items |

Deleted! E:\bEWm2wMR.vbs
Deleted! F:\bEWm2wMR.vbs
Deleted! C:\Users\G&D~1\AppData\Local\Temp\bEWm2wMR.vbs
Deleted! C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bEWm2wMR.vbs
Deleted! C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe
Deleted! C:\Users\G & D\AppData\Roaming\Setup_WebGameAR.exe
Deleted! C:\Users\G & D\AppData\Roaming\1006442A\ak.tmp
Deleted! C:\Users\G & D\AppData\Roaming\1006442A
Deleted! E:\pointofix120en-20070402-setup.lnk
Deleted! E:\familia eval 4è sq 2.lnk
Deleted! E:\.lnk
Deleted! E:\Cours St Brévin.lnk
Deleted! F:\Grille Séquence 2 4ème Guillaume.lnk
Deleted! F:\Grille Séquence 2 3ème Guillaume.lnk
Deleted! F:\Pointofix-en.lnk
Deleted! F:\familia real.lnk
Deleted! F:\Laura impression.lnk
Deleted! F:\familia eval 4è sq 2.lnk
Deleted! F:\Documents pour Stagiaires.lnk
Deleted! F:\Transports.lnk
Deleted! F:\M2 Guillaume.lnk
Deleted! F:\3-IUFM-FAMILIA.lnk
Deleted! F:\1-IUFM-CIUDAD.lnk
Deleted! F:\Do.lnk
Deleted! F:\Guillaume M1.lnk
Deleted! F:\4ème USB.lnk
Deleted! F:\3ème USB.lnk
Deleted! F:\Collège La Venaiserie.lnk
Deleted! F:\Docs audio Fred.lnk
Deleted! C:\Users\Public\4zz.VBE
Deleted! C:\Users\Public\7zz.VBE
Deleted! C:\Users\Public\9eizmmD.vbe
Deleted! C:\Users\Public\9stziemD.VBE
Deleted! C:\Users\Public\Intel(R)TCP.exe
Deleted! C:\Users\Public\Intel(TM)SD.exe
Deleted! C:\Users\G & D\AppData\Roaming\G & D-wchelper.dll
Deleted! C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iz710bclD.lnk
Deleted! C:\Users\G&D~1\AppData\Local\Temp\G & D7
Deleted! C:\Users\G&D~1\AppData\Local\Temp\flashmemory.vbe
Deleted! C:\Users\G&D~1\AppData\Local\Temp\Lanceur.vbs
Deleted! C:\Users\G&D~1\AppData\Local\Temp\d023.hta
Deleted! C:\Users\G&D~1\AppData\Local\Temp\e5g.hta
Deleted! C:\Users\G&D~1\AppData\Local\Temp\7za.exe
Deleted! C:\Users\G&D~1\AppData\Local\Temp\AutoRun.exe
Deleted! C:\Users\G&D~1\AppData\Local\Temp\OB.exe
Not deleted! D:\JUNTOS_1.exe
Not deleted! D:\autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted! HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\Software\Microsoft\Windows\CurrentVersion\Run|bEWm2wMR
Deleted! HKU\S-1-5-21-2642492580-2526700772-3555840437-1000\Software\Microsoft\Windows\CurrentVersion\Run|Intel(R)TCP
Deleted! HKCU\...\Explorer\MountPoints2\{683dbe5a-5c63-11de-8b5c-806e6f6e6963}
Deleted! HKCU\...\Explorer\MountPoints2\{f6c72b32-cc6f-11df-9cc8-001f16a9d3a9}

################## | Listing |

[02/09/2009 – 19:05:12 | SHD ] C:\$RECYCLE.BIN
[02/09/2009 – 20:37:11 | D ] C:\Acer
[13/10/2013 – 16:11:43 | D ] C:\AdwCleaner
[25/03/2009 – 07:58:45 | SHD ] C:\Boot
[21/01/2008 – 04:24:42 | RASH | 333203] C:\bootmgr
[06/02/2008 – 01:25:41 | RAS | 8192] C:\BOOTSECT.BAK
[02/09/2009 – 18:59:47 | SHD ] C:\Documents and Settings
[20/05/2010 – 20:46:14 | D ] C:\drivers
[02/09/2009 – 19:05:59 | D ] C:\Elements
[13/10/2013 – 15:50:21 | ASH | 3215908864] C:\hiberfil.sys
[24/03/2009 – 19:57:02 | RHD ] C:\MSOCache
[13/10/2013 – 15:50:20 | ASH | 3529506816] C:\pagefile.sys
[21/01/2008 – 04:32:31 | D ] C:\PerfLogs
[19/06/2009 – 10:34:58 | N | 180] C:\Preload.rev
[13/10/2013 – 15:48:23 | D ] C:\Program Files
[13/10/2013 – 15:48:23 | HD ] C:\ProgramData
[13/10/2013 – 11:24:13 | SHD ] C:\System Volume Information
[13/10/2013 – 16:31:22 | D ] C:\UsbFix
[13/10/2013 – 16:33:25 | A | 12419] C:\UsbFix [Clean 2] PC-DE-GUILLAUME.txt
[13/10/2013 – 16:04:11 | N | 4611] C:\UsbFix [Listing 1 ] PC-DE-GUILLAUME.txt
[13/10/2013 – 15:40:14 | N | 14294] C:\UsbFix [Scan 1] PC-DE-GUILLAUME.txt
[02/09/2009 – 18:59:53 | RD ] C:\Users
[13/09/2013 – 20:41:29 | D ] C:\Windows
[11/03/2013 – 11:21:12 | RA | 68] D:\autorun.inf
[11/03/2013 – 11:31:40 | RAD ] D:\CONTENUS-JUNTOS
[24/02/2012 – 13:12:46 | RA | 353118] D:\icone.ico
[06/03/2013 – 18:41:48 | RA | 9078425] D:\JUNTOS_1.exe
[11/03/2013 – 11:37:28 | RA | 2158] D:\NATHAN_Lisez_moi.txt
[11/03/2013 – 11:32:53 | RAD ] D:\xml
[11/09/2013 – 16:24:30 | D ] E:\Cours St Brévin
[13/10/2013 – 12:16:20 | N | 557057] E:\pointofix120en-20070402-setup.zip
[12/10/2013 – 18:58:32 | N | 166332] E:\familia eval 4è sq 2.odt
[10/10/2013 – 15:28:16 | N | 16825] F:\Grille Séquence 2 4ème Guillaume.odt
[10/10/2013 – 15:37:50 | N | 16209] F:\Grille Séquence 2 3ème Guillaume.odt
[22/09/2013 – 19:47:54 | D ] F:\Transports
[04/04/2007 – 16:28:56 | N | 663552] F:\Pointofix-en.exe
[20/09/2013 – 17:08:04 | D ] F:\M2 Guillaume
[25/09/2013 – 16:42:56 | D ] F:\3-IUFM-FAMILIA
[25/09/2013 – 16:42:46 | D ] F:\1-IUFM-CIUDAD
[04/10/2013 – 17:28:18 | N | 5274120] F:\familia real.png
[03/10/2013 – 19:58:18 | N | 1516687] F:\Laura impression.odt
[12/10/2013 – 18:58:32 | N | 166332] F:\familia eval 4è sq 2.odt
[18/02/2013 – 11:30:04 | D ] F:\Do
[18/02/2013 – 11:30:36 | D ] F:\Guillaume M1
[29/08/2013 – 22:38:12 | N | 32937529] F:\Documents pour Stagiaires.zip
[01/09/2013 – 10:14:40 | D ] F:\4ème USB
[01/09/2013 – 10:14:46 | D ] F:\3ème USB
[04/09/2013 – 16:34:12 | D ] F:\Collège La Venaiserie
[04/09/2013 – 16:42:04 | D ] F:\Docs audio Fred

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |
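The report above shows the three traces a USB shortcut worm of this kind leaves: a per-user Run key that launches the dropped script with `wscript.exe //B`, copies of that script on every removable drive and in the Temp and Startup folders, and a `.lnk` on the USB drive for every document or folder it hid (the originals are still present in the Listing section). The following is an added example, not code from UsbFix, SosVirus or the poster: a Python triage script that reads a report in the format shown above (translated labels, backslashes restored in the paths) and pulls those three things out. The sample report text embedded in it is constructed from a few lines of the posted one, and the heuristics it applies (flagging Run commands that invoke wscript, cscript or mshta, or that run from Temp, Users\Public or the Startup folder) are choices made for this example, not UsbFix logic.

```python
"""Triage a UsbFix report of a USB shortcut worm (documents replaced by .lnk files).

Added example, not code from UsbFix, SosVirus or the forum post. It parses the
report format shown in the post: 'hive | Run : [name] – command' lines,
'Deleted! path' lines and '[date – time | attrs | size] path' listing lines.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample in the shape of the posted report (a few lines, not the whole report).
SAMPLE_REPORT = r"""
################## | Regedit Run |

HKLM\SOFTWARE | Run : [avgnt] – "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKU\S-1-5-21-1000\SOFTWARE | Run : [bEWm2wMR] – wscript.exe //B "C:\Users\G&D~1\AppData\Local\Temp\bEWm2wMR.vbs"
HKU\S-1-5-21-1000\SOFTWARE | Run : [Intel(R)TCP] – C:\Users\G & D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R)TCP.exe

################## | Infectious items |

Deleted! E:\bEWm2wMR.vbs
Deleted! F:\bEWm2wMR.vbs
Deleted! C:\Users\G&D~1\AppData\Local\Temp\bEWm2wMR.vbs
Deleted! E:\Cours St Brévin.lnk
Deleted! F:\Laura impression.lnk
Deleted! F:\Do.lnk

################## | Listing |

[11/09/2013 – 16:24:30 | D ] E:\Cours St Brévin
[03/10/2013 – 19:58:18 | N | 1516687] F:\Laura impression.odt
[18/02/2013 – 11:30:04 | D ] F:\Do
"""

RUN_RE = re.compile(r"^(?P<hive>[^|]+?)\s*\|\s*Run(?:Once)?\s*:\s*\[(?P<name>[^\]]*)\]\s*[–\-]\s*(?P<cmd>.*)$")
DELETED_RE = re.compile(r"^Deleted!\s+(?P<path>.+?)\s*$")
LISTING_RE = re.compile(r"^\[[^|\]]+\|\s*(?P<attrs>[A-Z]*)\s*(?:\|\s*(?P<size>\d+)\s*)?\]\s*(?P<path>.+?)\s*$")

# Heuristics chosen for this example (not UsbFix logic): script hosts such a worm
# launches its payload with, and user-writable folders it drops into.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta")
DROP_LOCATIONS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programs\\startup\\")


def parse_run_entries(report):
    """Return (name, command) for every Run/RunOnce line in the report."""
    entries = []
    for line in report.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("cmd").strip()))
    return entries


def suspicious_run_entries(report):
    """Flag Run entries that start a script host or run from a drop location."""
    flagged = []
    for name, cmd in parse_run_entries(report):
        low = cmd.lower()
        if any(host in low for host in SCRIPT_HOSTS):
            flagged.append((name, cmd, "script host in command"))
        elif any(loc in low for loc in DROP_LOCATIONS):
            flagged.append((name, cmd, "runs from a user-writable drop location"))
    return flagged


def parse_deleted(report):
    """Return every path the report marks as deleted."""
    paths = []
    for line in report.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def parse_listing(report):
    """Return {path: attribute string} for every listing line."""
    listing = {}
    for line in report.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            listing[m.group("path")] = m.group("attrs")
    return listing


def map_shortcuts_to_originals(report):
    """For each deleted .lnk, find the listing entry with the same drive and stem.

    The worm hides each document or folder and drops a .lnk of the same name
    beside it, so the stem match recovers the surviving original. A None value
    means nothing with that stem was listed (first stem match wins on collisions).
    """
    by_stem = {}
    for path in parse_listing(report):
        by_stem.setdefault(ntpath.splitext(path)[0].lower(), path)
    mapping = {}
    for path in parse_deleted(report):
        if path.lower().endswith(".lnk"):
            mapping[path] = by_stem.get(path[:-4].lower())
    return mapping


def dropper_copies(report):
    """Group deleted non-shortcut files by name; one name in several places is the dropper."""
    groups = defaultdict(list)
    for path in parse_deleted(report):
        if not path.lower().endswith(".lnk"):
            groups[ntpath.basename(path).lower()].append(path)
    return {name: paths for name, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    for name, cmd, why in suspicious_run_entries(SAMPLE_REPORT):
        print(f"[persistence] {name}: {cmd}  <- {why}")
    for name, paths in dropper_copies(SAMPLE_REPORT).items():
        print(f"[dropper] {name} at {len(paths)} locations: {'; '.join(paths)}")
    for lnk, original in map_shortcuts_to_originals(SAMPLE_REPORT).items():
        print(f"[shortcut] {lnk} -> {original or 'original not found in listing'}")
```

Run it on a full report by replacing `SAMPLE_REPORT` with the file contents (`open(path, encoding="utf-8").read()`). On the posted report the shortcut mapping is the useful part for the user: every `.lnk` UsbFix deleted on E: and F: has a matching `.odt`, `.zip`, `.png`, `.exe` or folder in the Listing, so nothing of theirs was lost, only hidden. The `ntpath` module is used deliberately so the stem and basename splits follow Windows path rules even when the script runs on Linux.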