Reply to: Virus on USB key 2016-09-08T13:13:29+00:00
Margaret9_5
Participant
Post count: 8

First of all, THANK YOU for all the time you have spent and for your precious help.
Here is the report below; can I use my keys after this??

############################## | UsbFix V 7.148 | [Clean]

User: Margaret (Administrator) # MARGARET-PC
Updated on 01/11/2013 by El Desaparecido - Team SosVirus
Started at 22:09:39 | 02/11/2013

Website: http://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (R530/R730/R540 )
CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
RAM -> [Total : 3893 | Free : 1708]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 9.0.8112.16421
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 23.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Fixed disk # 179 GB (73 GB free - 41%) [] # NTFS
D: -> Fixed disk # 267 GB (250 GB free - 94%) [] # NTFS
E: -> CD-ROM
F: -> Removable disk # 990 MB (562 MB free - 57%) [] # FAT32
H: -> Removable disk # 7 GB (3 GB free - 45%) [] # FAT32

################## | MD5 comparison reference |

Md5 : ac8f18c5c595a5685fcea46e61b6b5af -> C:\Users\Margaret\AppData\Local\Temp\Drives.vbs
Md5 : DENIED -> H:\11111.vbs

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1164 |ParentID: 728)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1488 |ParentID: 728)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1680 |ParentID: 728)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1704 |ParentID: 728)
Stopped! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ID: 1992 |ParentID: 728)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1312 |ParentID: 728)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2100 |ParentID: 1312)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 3744 |ParentID: 728)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4324 |ParentID: 728)
Stopped! C:\Windows\system32\DllHost.exe (ID: 3024 |ParentID: 852)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5060 |ParentID: 844)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5236 |ParentID: 5060)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1236 |ParentID: 728)
Stopped! C:\Windows\system32\taskeng.exe (ID: 7100 |ParentID: 600)
Stopped! C:\Windows\Explorer.EXE (ID: 3204 |ParentID: 6244)
Stopped! C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (ID: 6536 |ParentID: 7100)
Stopped! C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (ID: 6176 |ParentID: 7100)
Stopped! C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (ID: 7164 |ParentID: 7100)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 4360 |ParentID: 3204)
Stopped! C:\Program Files\Elantech\ETDCtrl.exe (ID: 7064 |ParentID: 3204)
Stopped! C:\Windows\System32\igfxtray.exe (ID: 5016 |ParentID: 3204)
Stopped! C:\Windows\System32\hkcmd.exe (ID: 6088 |ParentID: 3204)
Stopped! C:\Windows\System32\igfxpers.exe (ID: 1308 |ParentID: 3204)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (ID: 5196 |ParentID: 3204)
Stopped! C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (ID: 5344 |ParentID: 3204)
Stopped! C:\Windows\system32\igfxext.exe (ID: 3020 |ParentID: 852)
Stopped! C:\Windows\system32\igfxsrvc.exe (ID: 3584 |ParentID: 852)
Stopped! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (ID: 7076 |ParentID: 3204)
Stopped! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 3296 |ParentID: 3204)
Stopped! C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 6700 |ParentID: 3204)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 5080 |ParentID: 5660)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4472 |ParentID: 3204)
Stopped! C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4488 |ParentID: 7064)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 6060 |ParentID: 3864)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 5108 |ParentID: 6060)
Stopped! C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (ID: 748 |ParentID: 7100)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 4052 |ParentID: 564)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 3616 |ParentID: 4472)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 1332 |ParentID: 3616)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 1660 |ParentID: 1332)
Stopped! C:\Windows\system32\taskhost.exe (ID: 3884 |ParentID: 728)
Stopped! C:\Windows\system32\taskeng.exe (ID: 2588 |ParentID: 600)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [UCam_Menu] - "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [UCam_Menu] - "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\SOFTWARE | Run : [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\SOFTWARE | Run : [TomTomHOME.exe] - "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic search |

Deleted! F:\chxnxyx.lnk
Deleted! F:\JOURNEE des LANGUES.lnk
Deleted! F:\orange.lnk
Deleted! F:\mariejo.lnk
Deleted! F:\HG_Liens.lnk
Deleted! F:\~WRL0003.lnk
Deleted! F:\~$Compostelle_2010.lnk
Deleted! F:\Adele, texte blog.lnk
Deleted! F:\LONDON suggestions.lnk
Deleted! F:\SOLIDARITE avec le BÉNIN.lnk
Deleted! F:\GRILLE D'AUTO EVALUATION.lnk
Deleted! F:\Adele, questions, Compréhension écrite.lnk
Deleted! F:\Adele,someonelikeyou.lnk
Deleted! F:\Camino_interview.lnk
Deleted! F:\Mardi, mercredi, jeudi, vendredi.lnk
Deleted! F:\Logement Sandra.lnk
Deleted! F:\All about Thanksgiving.lnk
Deleted! F:\ENGLISH TEST.lnk
Deleted! F:\An Irish blessing.lnk
Deleted! F:\Petit mémo pour déposer un fichier audio sur Scolinfo.lnk
Deleted! F:\Nico attestation.lnk
Deleted! F:\Mr Bean ROUTINE.lnk
Deleted! F:\Octobre 2012.lnk
Deleted! F:\Relevé carrière.lnk
Deleted! F:\PO les langues2012-2013.lnk
Deleted! F:\Revue du piano ( liste).lnk
Deleted! F:\Demande de remboursement partiel des titres de transport 2012-2013.lnk
Deleted! F:\Part 3 unit 6 a scary visit.lnk
Deleted! F:\KARINE.lnk
Deleted! F:\Queen - I Want To Break Free (High Quality).lnk
Deleted! F:\Courrier Bouygues Papa.lnk
Deleted! F:\Thumbs.lnk
Deleted! F:\recipe-pumpkin pie.lnk
Deleted! F:\3LV1.lnk
Deleted! F:\3LV2.lnk
Deleted! F:\spet.lnk
Deleted! F:\KET.lnk
Deleted! F:\Utilitaires VPI Epson.lnk
Deleted! F:\CNED5.lnk
Deleted! F:\JEL 2012.lnk
Deleted! F:\DIVERS.lnk
Deleted! F:\2010-2011 recherches.lnk
Deleted! F:\Back to school activities.lnk
Deleted! F:\Halloween.lnk
Deleted! F:\poster_phonologique_fichiers.lnk
Deleted! F:\SOCLE et +++.lnk
Deleted! F:\GB.lnk
Deleted! F:\Relevé carrière_fichiers.lnk
Deleted! F:\Pack.lnk
Deleted! F:\~$Nov-Déc_2012_michel.lnk
Deleted! F:\~$Octobre 2012.lnk
Deleted! H:\School.lnk
Deleted! H:\perso.lnk
Deleted! H:\Asking my way.lnk
Deleted! H:\anglais ( controle corrigé).lnk
Deleted! H:\SEQUENCE 9_Julia.lnk
Deleted! H:\recherches.lnk
Deleted! H:\what's the date.lnk
Deleted! C:\ProgramData\ezsidmv.dat
Deleted! C:\Users\Margaret\AppData\Local\Temp\Drives.vbs
Deleted! F:\trz82D1.tmp
Deleted! H:\trzDBED.tmp

(!) Temporary files deleted.

################## | MD5 comparison |

################## | Registry |

################## | Listing |

[10/09/2011 - 14:09:57 | SHD ] C:\$Recycle.Bin
[04/09/2013 - 14:27:58 | D ] C:\AdwCleaner
[01/06/2013 - 21:59:21 | D ] C:\Bordas
[23/10/2013 - 21:35:19 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[09/04/2011 - 10:29:36 | D ] C:\found.000
[27/10/2013 - 10:37:48 | ASH | 4081635328] C:\hiberfil.sys
[03/09/2012 - 16:37:07 | RHD ] C:\MSOCache
[27/10/2013 - 10:37:52 | ASH | 4081635328] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[15/10/2013 - 22:18:41 | D ] C:\Program Files
[15/10/2013 - 22:18:41 | D ] C:\Program Files (x86)
[02/11/2013 - 22:13:23 | HD ] C:\ProgramData
[18/03/2011 - 18:00:50 | SHD ] C:\Recovery
[09/08/2010 - 07:13:50 | N | 2162] C:\RHDSetup.log
[09/08/2010 - 07:20:12 | N | 191] C:\Setup.log
[01/11/2013 - 00:00:24 | SHD ] C:\System Volume Information
[02/11/2013 - 22:13:29 | D ] C:\UsbFix
[02/11/2013 - 22:15:27 | A | 11149] C:\UsbFix [Clean 8] MARGARET-PC.txt
[02/11/2013 - 19:30:51 | N | 10597] C:\UsbFix [Scan 1] MARGARET-PC.txt
[02/11/2013 - 19:36:05 | N | 10274] C:\UsbFix [Scan 2] MARGARET-PC.txt
[02/11/2013 - 20:10:42 | N | 10579] C:\UsbFix [Scan 3] MARGARET-PC.txt
[02/11/2013 - 20:37:43 | N | 10684] C:\UsbFix [Scan 4] MARGARET-PC.txt
[22/07/2012 - 23:05:04 | N | 260] C:\user.js
[04/05/2012 - 19:03:01 | RD ] C:\Users
[30/09/2013 - 17:23:42 | D ] C:\Windows
[18/03/2011 - 19:09:39 | SHD ] D:\$RECYCLE.BIN
[11/04/2008 - 09:07:18 | N | 3820] D:\eula.1028.txt
[11/04/2008 - 09:07:18 | N | 15428] D:\eula.1031.txt
[11/04/2008 - 09:07:18 | N | 10058] D:\eula.1033.txt
[11/04/2008 - 09:07:18 | N | 12246] D:\eula.1036.txt
[11/04/2008 - 09:07:18 | N | 13912] D:\eula.1040.txt
[11/04/2008 - 09:07:18 | N | 5868] D:\eula.1041.txt
[11/04/2008 - 09:07:18 | N | 5970] D:\eula.1042.txt
[11/04/2008 - 09:07:18 | N | 10134] D:\eula.1049.txt
[11/04/2008 - 09:07:18 | N | 3814] D:\eula.2052.txt
[11/04/2008 - 09:07:18 | N | 12936] D:\eula.3082.txt
[11/04/2008 - 09:07:18 | N | 1110] D:\globdata.ini
[11/04/2008 - 07:03:48 | N | 562688] D:\install.exe
[11/04/2008 - 09:07:18 | N | 843] D:\install.ini
[11/04/2008 - 07:03:48 | N | 76304] D:\install.res.1028.dll
[11/04/2008 - 07:03:48 | N | 96272] D:\install.res.1031.dll
[11/04/2008 - 07:03:48 | N | 91152] D:\install.res.1033.dll
[11/04/2008 - 07:03:48 | N | 97296] D:\install.res.1036.dll
[11/04/2008 - 07:03:48 | N | 95248] D:\install.res.1040.dll
[11/04/2008 - 07:03:48 | N | 81424] D:\install.res.1041.dll
[11/04/2008 - 07:03:48 | N | 79888] D:\install.res.1042.dll
[11/04/2008 - 09:09:24 | N | 93200] D:\install.res.1049.dll
[11/04/2008 - 07:03:48 | N | 75792] D:\install.res.2052.dll
[11/04/2008 - 07:03:48 | N | 96272] D:\install.res.3082.dll
[20/10/2013 - 22:18:14 | D ] D:\SamsungRecovery
[20/03/2011 - 13:57:30 | SHD ] D:\System Volume Information
[21/04/2011 - 15:32:29 | D ] D:\SystemSoftware
[11/04/2008 - 09:07:18 | N | 5686] D:\vcredist.bmp
[11/04/2008 - 09:09:38 | N | 3797292] D:\VC_RED.cab
[11/04/2008 - 09:11:40 | N | 233472] D:\VC_RED.MSI
[18/06/2012 - 11:33:56 | D ] F:\3LV1
[13/10/2010 - 07:10:02 | D ] F:\3LV2
[07/06/2012 - 12:44:22 | D ] F:\spet
[03/04/2011 - 13:28:00 | D ] F:\KET
[03/07/2012 - 17:03:16 | D ] F:\Utilitaires VPI Epson
[01/12/2011 - 15:09:38 | N | 24417782] F:\JOURNEE des LANGUES.zip
[01/11/2010 - 21:25:22 | N | 165] F:\~$Compostelle_2010.ppsx
[28/11/2011 - 12:27:06 | N | 29184] F:\Adele, texte blog.doc
[09/02/2013 - 11:10:10 | N | 19410] F:\LONDON suggestions.docx
[19/06/2012 - 13:34:24 | N | 9140] F:\orange.odt
[01/01/2013 - 15:52:10 | N | 17073] F:\SOLIDARITE avec le BÉNIN.docx
[09/02/2013 - 11:13:36 | N | 509860] F:\LONDON suggestions.pdf
[10/01/2013 - 09:54:38 | D ] F:\CNED5
[11/12/2012 - 23:00:44 | N | 13882] F:\GRILLE D'AUTO EVALUATION.docx
[29/11/2011 - 21:36:56 | N | 13561] F:\Adele, questions, Compréhension écrite.docx
[26/09/2012 - 07:28:46 | D ] F:\JEL 2012
[06/12/2012 - 12:28:22 | D ] F:\DIVERS
[24/11/2011 - 14:10:54 | N | 23040] F:\Adele,someonelikeyou.doc
[14/01/2013 - 17:40:46 | N | 12116] F:\HG_Liens.docx
[22/06/2012 - 16:53:54 | N | 56606] F:\Camino_interview.docx
[03/04/2011 - 13:28:28 | D ] F:\2010-2011 recherches
[03/04/2011 - 13:29:12 | D ] F:\Back to school activities
[25/10/2012 - 19:27:22 | D ] F:\Halloween
[21/09/2009 - 18:29:22 | D ] F:\poster_phonologique_fichiers
[22/10/2012 - 23:34:42 | N | 25758] F:\Mardi, mercredi, jeudi, vendredi.docx
[22/11/2010 - 01:48:28 | D ] F:\SOCLE et +++
[31/07/2013 - 16:49:12 | N | 13382] F:\Logement Sandra.odt
[20/11/2012 - 21:19:06 | N | 89847] F:\All about Thanksgiving.pdf
[20/11/2012 - 21:17:24 | N | 25076] F:\ENGLISH TEST.pdf
[15/11/2012 - 10:11:48 | D ] F:\GB
[28/02/2013 - 10:27:24 | N | 13485] F:\An Irish blessing.docx
[26/09/2012 - 19:43:00 | N | 29184] F:\Petit mémo pour déposer un fichier audio sur Scolinfo.doc
[03/11/2012 - 11:11:18 | N | 280648] F:\Nico attestation.pdf
[18/11/2012 - 12:14:56 | N | 18284387] F:\Mr Bean ROUTINE.mp4
[15/11/2012 - 12:20:52 | N | 165] F:\~$Nov-Déc_2012_michel.xlsx
[15/11/2012 - 10:14:30 | N | 15446] F:\Octobre 2012.xlsx
[10/10/2013 - 11:53:24 | N | 60015] F:\Petit mémo pour déposer un fichier audio sur Scolinfo.pdf
[15/11/2012 - 12:21:14 | N | 165] F:\~$Octobre 2012.xlsx
[28/11/2012 - 16:48:54 | D ] F:\Relevé carrière_fichiers
[28/11/2012 - 16:48:54 | N | 611] F:\Relevé carrière.htm
[17/11/2012 - 08:03:18 | N | 6843719] F:\PO les langues2012-2013.pptx
[13/12/2012 - 15:10:48 | N | 18315] F:\Revue du piano ( liste).docx
[22/12/2012 - 19:15:40 | N | 90260] F:\mariejo.docx
[22/12/2012 - 19:04:00 | N | 11579] F:\~WRL0003.tmp
[31/12/2012 - 09:15:36 | D ] F:\Pack
[13/01/2013 - 18:16:38 | N | 36864] F:\Demande de remboursement partiel des titres de transport 2012-2013.doc
[25/04/2013 - 12:58:34 | N | 43634] F:\Part 3 unit 6 a scary visit.docx
[16/11/2012 - 21:20:24 | N | 88291] F:\KARINE.docx
[10/05/2013 - 22:05:32 | N | 4305558] F:\Queen - I Want To Break Free (High Quality).mp3
[22/07/2013 - 17:07:06 | N | 12392] F:\Courrier Bouygues Papa.docx
[17/11/2012 - 09:12:16 | RASH | 13824] F:\Thumbs.db
[22/11/2012 - 21:46:34 | N | 227075] F:\recipe-pumpkin pie.docx
[02/11/2013 - 20:34:58 | RASHD ] F:\Autorun.inf
[04/05/2013 - 20:44:32 | D ] H:\School
[12/05/2013 - 22:11:56 | D ] H:\perso
[07/10/2013 - 17:06:02 | N | 120328] H:\Asking my way.pdf
[10/10/2013 - 17:57:50 | N | 17048] H:\anglais ( controle corrigé).odt
[01/09/2013 - 19:41:44 | N | 16961] H:\SEQUENCE 9_Julia.docx
[20/06/2013 - 17:27:50 | D ] H:\recherches
[15/10/2013 - 16:21:14 | N | 466537] H:\what's the date.pdf

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
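What the log records is the classic USB shortcut worm: every document and folder on F: and H: had a same-named .lnk planted beside it, a Drives.vbs sat in the user's %TEMP%, H: carried an 11111.vbs that UsbFix could not even hash (MD5 DENIED), and each key held a trz*.tmp file. Before trusting a key again, a practitioner wants two checks the log only implies: which shortcuts shadow a real item, and what each shortcut would actually launch. The Python below is an added example written for this page; it is not UsbFix code and not something from the thread. It reads the Shell Link binary format (MS-SHLLINK) directly, so nothing is resolved or executed. The build_lnk() helper, the SAMPLE_WORM_LNK command line and the H_DRIVE_BEFORE name list are constructed or reconstructed from the log for the demonstration; the log itself does not show what the deleted shortcuts pointed to.

```python
"""Triage of the USB shortcut-worm pattern in the UsbFix log above (added example)."""
import os
import re
import struct
from dataclasses import dataclass

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link CLSID
HEADER_SIZE = 0x4C
# LinkFlags bits (MS-SHLLINK 2.1.1), lowest bit first.
(HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH,
 HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight
# A shortcut to a document has no business invoking a script host or a script file.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|cmd|powershell|mshta|rundll32)(\.exe)?\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd|ps1|hta)\b", re.I)


@dataclass
class Shortcut:
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    show_command: int = 1


def parse_lnk(data: bytes) -> Shortcut:
    """Read the StringData fields of a .lnk without resolving or opening its target."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    sc = Shortcut(show_command=struct.unpack_from("<I", data, 60)[0])
    pos = HEADER_SIZE
    if flags & HAS_IDLIST:    # IDListSize (2 bytes) followed by the item ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:  # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]

    def read_string() -> str:  # CountCharacters (2 bytes), then the chars, no terminator
        nonlocal pos
        count = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + width * count]
        pos += 2 + width * count
        return raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")

    # StringData fields come in this fixed order, each present only if its flag is set.
    if flags & HAS_NAME:
        read_string()         # NAME_STRING (the comment) is irrelevant for triage
    if flags & HAS_RELPATH:
        sc.relative_path = read_string()
    if flags & HAS_WORKDIR:
        sc.working_dir = read_string()
    if flags & HAS_ARGS:
        sc.arguments = read_string()
    return sc


def triage_lnk(data: bytes) -> dict:
    """Flag a shortcut that runs a script host or script file, or hides its window."""
    sc = parse_lnk(data)
    launch = f"{sc.relative_path} {sc.arguments}"
    reasons = []
    if SCRIPT_HOST.search(launch):
        reasons.append("launches a script host")
    if SCRIPT_EXT.search(launch):
        reasons.append("references a script file")
    if sc.show_command == SW_SHOWMINNOACTIVE:
        reasons.append("starts minimized and inactive")
    return {"target": sc.relative_path, "arguments": sc.arguments,
            "suspicious": bool(reasons), "reasons": reasons}


def lookalike_shortcuts(names) -> list:
    """Return the .lnk entries whose stem matches another entry on the same drive."""
    stems = {os.path.splitext(n)[0].lower() for n in names if not n.lower().endswith(".lnk")}
    return sorted(n for n in names
                  if n.lower().endswith(".lnk") and os.path.splitext(n)[0].lower() in stems)


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Assemble a minimal Unicode Shell Link (header + StringData) for the samples below."""
    flags = HAS_RELPATH | HAS_WORKDIR | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    enc = lambda text: struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + enc(relative_path) + enc(".") + enc(arguments)


# Constructed sample, not bytes recovered from the key: a "School.lnk" that runs a
# hidden VBScript via cmd/wscript, then opens the real School folder as a decoy.
SAMPLE_WORM_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe",
    r'/c start wscript.exe //e:VBScript 11111.vbs & start explorer "School"',
    show_command=SW_SHOWMINNOACTIVE)
SAMPLE_BENIGN_LNK = build_lnk("School", "")

# Reconstructed from the log: H: before UsbFix deleted its seven .lnk files
# (11111.vbs is the file whose MD5 came back DENIED).
H_DRIVE_BEFORE = [
    "School", "perso", "Asking my way.pdf", "anglais ( controle corrigé).odt",
    "SEQUENCE 9_Julia.docx", "recherches", "what's the date.pdf", "11111.vbs",
    "School.lnk", "perso.lnk", "Asking my way.lnk", "anglais ( controle corrigé).lnk",
    "SEQUENCE 9_Julia.lnk", "recherches.lnk", "what's the date.lnk",
]
```

On a real key, pass `os.listdir("H:\\")` to lookalike_shortcuts() and the bytes of each flagged file to triage_lnk(): a shortcut to a document should resolve to that document with no arguments, and anything pulling in wscript, cmd or a .vbs is the launcher. Note that in this log the original files and folders on F: and H: already show plain N/D attributes, so they were not left hidden here; where a key's originals are hidden+system, `attrib -s -h H:\* /s /d` from the key's root brings them back.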