Reply to: Scan UsbFix 2016-09-08T13:11:42+00:00
Manu68
Number of posts: 0

Hello H.A.W.X,
Thank you for taking on my case.
Here is a copy of the UsbFix report:

############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Session (Administrateur) # SESSION-PC
Mis à jour le 17/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:45:12 | 27/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P8Z68-V GEN3)
CPU: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
RAM -> [Total : 8167 | Free : 6090]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Bitdefender Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 112 Go (65 Go libre(s) – 58%) [] # NTFS
D: -> Disque fixe # 1863 Go (807 Go libre(s) – 43%) [Disque Documents] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 486 Mo (473 Mo libre(s) – 97%) [CATOT-DEF] # FAT
G: -> Disque amovible # 2 Go (169 Mo libre(s) – 9%) [CATOT-DEF] # FAT

################## | Regedit Run |

HKLMSOFTWARE | Run : [JMB36X IDE Setup] – C:WindowsRaidToolxInsIDE.exe
HKLMSOFTWARE | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWARE | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe
HKLMSOFTWARE | Run : [beid] – “C:Program Files (x86)Belgium Identity Cardbeid35gui.exe” /startup
HKLMSOFTWARE | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWARE | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
HKLMSOFTWARE | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
HKLMSOFTWARE | Run : [] –
HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWARE | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [JMB36X IDE Setup] – C:WindowsRaidToolxInsIDE.exe
HKLMSOFTWAREwow6432Node | Run : [BCSSync] – “C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe” /DelayServices
HKLMSOFTWAREwow6432Node | Run : [PMBVolumeWatcher] – C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe
HKLMSOFTWAREwow6432Node | Run : [beid] – “C:Program Files (x86)Belgium Identity Cardbeid35gui.exe” /startup
HKLMSOFTWAREwow6432Node | Run : [APSDaemon] – “C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe”
HKLMSOFTWAREwow6432Node | Run : [KiesTrayAgent] – C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
HKLMSOFTWAREwow6432Node | Run : [HP Software Update] – C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
HKLMSOFTWAREwow6432Node | Run : [] –
HKLMSOFTWAREwow6432Node | Run : [iTunesHelper] – “C:Program Files (x86)iTunesiTunesHelper.exe”
HKLMSOFTWAREwow6432Node | Run : [SunJavaUpdateSched] – “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [Skype] – “C:Program Files (x86)SkypePhoneSkype.exe” /minimized /regrun
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [KiesPreload] – C:Program Files (x86)SamsungKiesKies.exe /preload
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [KiesAirMessage] – C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [KiesPDLR] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [] – C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe
HKUS-1-5-21-1405575197-3764527232-3368374373-1000SOFTWARE | Run : [TomTomHOME.exe] – “C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe”
HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
HKUS-1-5-18SOFTWARE | RunOnce : [{90140000-0011-0000-0000-0000000FF1CE}] – C:Windowssystem32cmd.exe /C del “C:ProgramDataMicrosoft HelpRgstrtn.lck” /Q /A:H

################## | Processus Stoppés |

Stoppé! C:Program FilesBitdefenderBitdefender 2012vsserv.exe (ID 960 |ParentID 780)
Stoppé! C:Windowssystem32nvvsvc.exe (ID 1048 |ParentID 780)
Stoppé! C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (ID 1072 |ParentID 780)
Stoppé! C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe (ID 1616 |ParentID 1048)
Stoppé! C:Windowssystem32nvvsvc.exe (ID 1632 |ParentID 1048)
Stoppé! C:WindowsSystem32spoolsv.exe (ID 1816 |ParentID 780)
Stoppé! C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 1456 |ParentID 780)
Stoppé! C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe (ID 1920 |ParentID 780)
Stoppé! C:Program Files (x86)Bluetooth Suiteadminservice.exe (ID 2132 |ParentID 780)
Stoppé! C:Program FilesBonjourmDNSResponder.exe (ID 2196 |ParentID 780)
Stoppé! C:Windowssystem32IProsetMonitor.exe (ID 2240 |ParentID 780)
Stoppé! C:Program Files (x86)SonyPlayMemories HomePMBDeviceInfoProvider.exe (ID 2344 |ParentID 780)
Stoppé! C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe (ID 2412 |ParentID 780)
Stoppé! C:Program FilesBitdefenderBitdefender 2012updatesrv.exe (ID 2464 |ParentID 780)
Stoppé! C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID 2836 |ParentID 780)
Stoppé! C:Program FilesBitdefenderBitdefender 2012bdagent.exe (ID 3700 |ParentID 3676)
Stoppé! C:WindowsExplorer.EXE (ID 3780 |ParentID 3724)
Stoppé! C:Windowssystem32taskhost.exe (ID 3796 |ParentID 780)
Stoppé! C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 4040 |ParentID 3780)
Stoppé! C:Program Files (x86)Bluetooth SuiteBtvStack.exe (ID 4048 |ParentID 3780)
Stoppé! C:Program Files (x86)Bluetooth SuiteAthBtTray.exe (ID 4056 |ParentID 3780)
Stoppé! C:Program Files (x86)SkypePhoneSkype.exe (ID 2228 |ParentID 3780)
Stoppé! C:Program Files (x86)SamsungKiesKies.exe (ID 1760 |ParentID 3780)
Stoppé! C:Program Files (x86)SamsungKiesExternalFirmwareUpdateKiesPDLR.exe (ID 1752 |ParentID 3780)
Stoppé! C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe (ID 3304 |ParentID 3780)
Stoppé! C:UsersSessionAppDataRoamingDropboxbinDropbox.exe (ID 3404 |ParentID 3780)
Stoppé! C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe (ID 3208 |ParentID 616)
Stoppé! C:Program Files (x86)SamsungKiesKiesTrayAgent.exe (ID 3692 |ParentID 616)
Stoppé! C:Program Files (x86)HPHP Software Updatehpwuschd2.exe (ID 3680 |ParentID 616)
Stoppé! C:Program Files (x86)iTunesiTunesHelper.exe (ID 3716 |ParentID 616)
Stoppé! C:Program Files (x86)Common FilesJavaJava Updatejusched.exe (ID 3772 |ParentID 616)
Stoppé! C:Program FilesNVIDIA CorporationDisplaynvtray.exe (ID 1272 |ParentID 1616)
Stoppé! C:Program FilesiPodbiniPodService.exe (ID 4120 |ParentID 780)
Stoppé! C:Windowssystem32SearchIndexer.exe (ID 4448 |ParentID 780)
Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID 4604 |ParentID 780)
Stoppé! C:Program FilesBitdefenderBitdefender 2012odscanui.exe (ID 5252 |ParentID 3700)
Stoppé! C:WindowsSystem32WUDFHost.exe (ID 5384 |ParentID 1332)
Stoppé! C:Program Files (x86)Internet ExplorerIELowutil.exe (ID 1960 |ParentID 2904)
Stoppé! C:Program FilesInternet Exploreriexplore.exe (ID 4392 |ParentID 5912)
Stoppé! C:Program Files (x86)Internet ExplorerIEXPLORE.EXE (ID 3612 |ParentID 4392)
Stoppé! C:WindowsSystem32MsSpellCheckingFacility.exe (ID 3600 |ParentID 904)
Stoppé! C:Program FilesBitdefenderBitdefender 2012seccenter.exe (ID 5704 |ParentID 3700)
Stoppé! C:WindowsSysWOW64NOTEPAD.EXE (ID 3384 |ParentID 5876)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU….ExplorerMountPoints2{0ff73912-2aa7-11e3-a60d-002683388e54}

################## | Listing |

[10/05/2012 – 11:28:59 | SHD ] C:$Recycle.Bin
[27/10/2013 – 10:21:49 | N | 1095582] C:bdlog.txt
[10/05/2012 – 14:03:00 | N | 270] C:bdr-conf
[23/09/2011 – 14:53:04 | N | 217769] C:bdrescue
[14/11/2011 – 16:03:40 | N | 36942680] C:bdrescue.gz
[23/09/2011 – 14:53:08 | N | 9216] C:bdrescue.mbr
[23/09/2011 – 14:53:08 | N | 2510608] C:bdrescue.vm
[25/09/2013 – 13:52:47 | D ] C:Condor
[21/10/2013 – 16:38:14 | SHD ] C:Config.Msi
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[20/06/2012 – 11:01:10 | D ] C:drivers
[27/10/2013 – 12:23:57 | ASH | 6422888448] C:hiberfil.sys
[10/05/2012 – 12:45:08 | D ] C:Intel
[10/05/2012 – 14:04:51 | RHD ] C:MSOCache
[14/07/2009 – 04:20:08 | D ] C:PerfLogs
[28/07/2013 – 18:06:38 | D ] C:Program Files
[20/10/2013 – 20:07:32 | D ] C:Program Files (x86)
[20/10/2013 – 20:00:39 | HD ] C:ProgramData
[10/05/2012 – 12:47:10 | D ] C:RaidTool
[10/05/2012 – 11:28:54 | SHD ] C:Recovery
[10/05/2012 – 12:46:03 | N | 2142] C:RHDSetup.log
[25/10/2013 – 18:12:10 | SHD ] C:System Volume Information
[13/04/2013 – 11:44:25 | D ] C:Temp
[27/10/2013 – 12:46:39 | D ] C:UsbFix
[27/10/2013 – 12:47:34 | A | 10119] C:UsbFix [Clean 1] SESSION-PC.txt
[27/10/2013 – 12:41:53 | N | 10081] C:UsbFix [Scan 3] SESSION-PC.txt
[17/11/2012 – 23:48:16 | RD ] C:Users
[27/10/2013 – 12:24:06 | D ] C:Windows
[12/05/2012 – 14:13:17 | SHD ] D:$RECYCLE.BIN
[27/11/2012 – 06:16:19 | D ] D:CLE 1GB
[02/06/2013 – 19:07:29 | D ] D:DOCUMENTS
[27/10/2013 – 12:24:24 | D ] D:Dropbox
[31/08/2013 – 08:55:44 | D ] D:JACQUETTES
[08/06/2013 – 19:31:05 | N | 24654] D:off_dib.bmp
[27/10/2013 – 12:23:59 | ASH | 8563851264] D:pagefile.sys
[27/05/2013 – 20:33:49 | D ] D:PHOTOS
[13/05/2012 – 08:59:27 | D ] D:Programmes Christophe
[12/05/2012 – 14:04:18 | D ] D:Sauvegarde donnees par installateur_A TRIER
[25/10/2013 – 18:12:10 | SHD ] D:System Volume Information
[02/01/2013 – 16:34:46 | D ] D:Thunderbird_Courriers
[13/05/2012 – 09:03:27 | D ] D:Thunderbird_Sauvegarde
[12/05/2012 – 14:03:45 | D ] D:Users
[23/06/2013 – 18:05:10 | D ] D:VIDEOS
[13/04/2013 – 14:57:42 | D ] D:Y_Le Trone de Fer
[13/10/2013 – 17:29:51 | D ] D:Z_Videos Grand Pa
[21/10/2013 – 12:05:12 | N | 13639751] F:Anatomie et biologie.pdf
[16/10/2013 – 20:06:42 | N | 135034320] G:Bande son définitive pios.wav
[19/10/2013 – 21:06:36 | D ] G:Eclaireurs
[19/10/2013 – 21:07:34 | D ] G:Louveteaux
[19/10/2013 – 21:08:14 | D ] G:Pionniers
[19/10/2013 – 13:16:18 | N | 311525318] G:Diaporama Camp Pis Aujac 2013.pptx
[19/10/2013 – 13:16:46 | N | 311525319] G:Diaporama Camp Pis Aujac 2013.ppsx

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |