Reply to: PC n°2 2016-09-08T13:11:52+00:00
beu
Participant
Posts: 47

I messed up the screenshot, but in the end it worked! :)

UsbFix removal report


############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: famille bergougnoux (Administrateur) # HP
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 12:11:54 | 28/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Hewlett-Packard (30E9)
CPU: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
RAM -> [Total : 3067 | Free : 2166]
Bios: Hewlett-Packard
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 233 Go (68 Go libre(s) - 29%) [] # NTFS
D: -> CD-ROM
E: -> Disque amovible # 2 Go (2 Go libre(s) - 100%) [] # FAT

################## | Regedit Run |

HKLM\SOFTWARE | Run : [avast!] - "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKLM\SOFTWARE | Run : [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [Zune Launcher] - "C:\Program Files\Zune\ZuneLauncher.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [Google Update] - "C:\Users\famille bergougnoux\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\famille bergougnoux\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S4A65.tmp" /EF "HKCU"
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1455129409-4251015548-826711595-1000\SOFTWARE | Run : 257654.bmp - "C:\Users\famille bergougnoux\IMG 257654.bmp.scr"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Processus Stoppés |

Stoppé! C:\Windows\Explorer.EXE (ID 1328 |ParentID 1316)
Stoppé! C:\Windows\system32\ctfmon.exe (ID 1448 |ParentID 1328)
Stoppé! C:\Windows\system32\DllHost.exe (ID 1648 |ParentID 612)

################## | Éléments infectieux |

Non supprimé ! C:\Recycler\S-1-5-21-1482476501-1715567821-839522115-1008

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[19/07/2013 - 17:59:17 | SHD ] C:\$Recycle.Bin
[27/05/2013 - 18:34:41 | D ] C:\c2960f23dfac759df304fad30
[27/10/2013 - 14:48:39 | D ] C:\AdwCleaner
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[28/10/2013 - 11:35:37 | RASHD ] C:\Autorun.inf
[07/02/2013 - 16:40:30 | D ] C:\Bescherelle
[24/03/2013 - 13:55:01 | SHD ] C:\Boot
[28/11/2008 - 14:06:14 | N | 212] C:\Boot.BAK
[16/11/2012 - 13:43:19 | N | 356] C:\Boot.ini.saved
[02/03/2006 - 12:00:00 | N | 4952] C:\Bootfont.bin
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[16/11/2012 - 13:43:21 | RASH | 8192] C:\BOOTSECT.BAK
[07/01/2013 - 17:21:30 | D ] C:\cd0c5724a1e0c32dddc7f64a9811
[28/11/2008 - 15:06:18 | N | 164] C:\chicony.log
[24/05/2009 - 17:34:07 | D ] C:\coktel
[27/10/2013 - 22:42:08 | SHD ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[16/11/2012 - 14:20:01 | | 333288] C:\CXYHD
[14/08/2009 - 22:08:16 | D ] C:\d9f945482f857f38e0ec
[15/05/2010 - 22:35:43 | D ] C:\divx
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[25/08/2010 - 15:59:34 | N | 1140] C:\drmHeader.bin
[28/11/2008 - 14:56:55 | N | 161] C:\esuinst.log
[28/11/2008 - 14:49:19 | N | 198] C:\esu_xpsp2.log
[04/03/2013 - 09:12:42 | D ] C:\Firefox
[29/04/2013 - 19:27:33 | D ] C:\Games
[28/10/2013 - 12:10:45 | ASH | 2412195840] C:\hiberfil.sys
[28/11/2008 - 15:04:08 | N | 111544] C:\intel_chipset.log
[28/11/2008 - 15:05:14 | N | 259976] C:\intel_msm.log
[28/11/2008 - 14:09:41 | N | 0] C:\IO.SYS
[28/11/2008 - 14:09:41 | N | 0] C:\MSDOS.SYS
[06/11/2011 - 11:17:58 | RHD ] C:\MSOCache
[02/03/2006 - 12:00:00 | N | 47564] C:\NTDETECT.COM
[10/04/2009 - 17:16:33 | N | 252240] C:\ntldr
[29/02/2004 - 16:44:34 | N | 52576] C:\orange.bmp
[28/10/2013 - 12:10:48 | ASH | 3216261120] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[18/12/2009 - 20:02:43 | N | 46174] C:\playground.log
[04/01/2009 - 19:49:30 | D ] C:\Poker
[05/03/2011 - 18:19:05 | D ] C:\Pref_Tefal
[27/10/2013 - 14:48:27 | D ] C:\Program Files
[27/10/2013 - 14:48:27 | HD ] C:\ProgramData
[16/11/2012 - 14:12:56 | SHD ] C:\Recovery
[28/10/2013 - 11:33:34 | SHD ] C:\RECYCLER
[26/09/2012 - 18:02:57 | D ] C:\Remote Programs
[28/11/2008 - 14:56:55 | N | 227] C:\sedinst2.log
[28/11/2008 - 15:15:09 | N | 163] C:\Setup.log
[28/11/2008 - 15:07:56 | D ] C:\SWSetup
[28/11/2008 - 15:07:38 | N | 190] C:\syntpad.log
[25/10/2013 - 07:42:27 | SHD ] C:\System Volume Information
[28/11/2008 - 14:46:04 | D ] C:\SYSTEM.SAV
[16/01/2011 - 14:05:12 | RASH | 5120] C:\Thumbs.db
[28/10/2013 - 12:14:56 | D ] C:\UsbFix
[28/10/2013 - 11:27:15 | N | 8266] C:\UsbFix [Clean 1] HP.txt
[28/10/2013 - 11:54:49 | N | 7868] C:\UsbFix [Clean 2] HP.txt
[28/10/2013 - 12:17:00 | A | 6913] C:\UsbFix [Clean 3] HP.txt
[28/10/2013 - 11:14:56 | N | 10478] C:\UsbFix [Scan 1] HP.txt
[23/02/2012 - 08:43:55 | N | 1490] C:\user.js
[05/03/2013 - 10:24:36 | RD ] C:\Users
[27/10/2013 - 22:42:55 | D ] C:\Windows
[15/06/2013 - 09:32:54 | N | 3333120] E:\Bridgit Mendler - Ready or Not (Official Video).mp3
[28/10/2013 - 11:35:38 | RASHD ] E:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |