Reply to: USB key folders turned into shortcuts (probable infection) 2016-09-08T13:13:31+00:00
postrockfan
Number of posts: 0

Well, a nice surprise (even if completely incomprehensible): everything works again. I can access my USB key and my SD card.
Thanks a lot for taking care of this :super:
So I'm still passing along the UsbFix report, in case any anomaly/anomalies remain…


############################## | UsbFix V 7.145 | [Suppression]

Utilisateur: Benoit (Administrateur) # BENOIT-HP
Mis à jour le 17/10/2013 par El Desaparecido - Team SosVirus
Lancé à 21:16:02 | 02/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: MSI (2A9C)
CPU: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
RAM -> [Total : 3959 | Free : 1912]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 918 Go (644 Go libre(s) - 70%) [OS] # NTFS
D: -> Disque fixe # 14 Go (2 Go libre(s) - 12%) [HP_RECOVERY] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 7 Go (7 Go libre(s) - 95%) [BENOÎT 8GO] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE\wow6432Node | Run : [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1621899223-3974254524-1225225801-1001\SOFTWARE | Run : [Connexion SFR 9props.exe] - "C:\Program Files (x86)\SFR\Kit\9props.exe" /trayicon
HKU\S-1-5-21-1621899223-3974254524-1225225801-1001\SOFTWARE | Run : [GoogleChromeAutoLaunch_4EDDD163CB067D19A444C8E91C237BFA] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Processus Stoppés |

Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (ID 940 |ParentID 648)
Stoppé! C:\Windows\system32\atiesrxx.exe (ID 992 |ParentID 648)
Stoppé! C:\Windows\system32\atieclxx.exe (ID 1300 |ParentID 992)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1444 |ParentID 648)
Stoppé! C:\Windows\SysWOW64\ezSharedSvcHost.exe (ID 1624 |ParentID 648)
Stoppé! C:\Windows\system32\taskhost.exe (ID 1948 |ParentID 648)
Stoppé! c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (ID 1076 |ParentID 648)
Stoppé! C:\Windows\Explorer.EXE (ID 1604 |ParentID 1180)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 1648 |ParentID 648)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2000 |ParentID 648)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 2532 |ParentID 648)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID 2544 |ParentID 372)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (ID 2924 |ParentID 1604)
Stoppé! C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (ID 2932 |ParentID 1604)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (ID 2952 |ParentID 1604)
Stoppé! C:\Program Files (x86)\SFR\Kit\9props.exe (ID 2608 |ParentID 1604)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1796 |ParentID 1604)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 1244 |ParentID 2780)
Stoppé! C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (ID 2528 |ParentID 2780)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 2280 |ParentID 2780)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2504 |ParentID 1796)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3380 |ParentID 1796)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3492 |ParentID 1796)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3544 |ParentID 1796)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 3556 |ParentID 1796)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4376 |ParentID 1796)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 4616 |ParentID 3060)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 4700 |ParentID 4616)
Stoppé! C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (ID 2316 |ParentID 648)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 1324 |ParentID 648)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2460 |ParentID 648)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 4808 |ParentID 648)
Stoppé! C:\Windows\system32\cmd.exe (ID 4996 |ParentID 1604)
Stoppé! C:\Windows\system32\conhost.exe (ID 4780 |ParentID 540)
Stoppé! C:\Windows\system32\cmd.exe (ID 860 |ParentID 1604)
Stoppé! C:\Windows\system32\conhost.exe (ID 4316 |ParentID 540)

################## | Éléments infectieux |

Supprimé! F:\Maternelle Gustave Doré.lnk
Supprimé! F:\.Trashes.lnk
Supprimé! F:\.fseventsd.lnk
Supprimé! F:\CALENDRIERS.lnk
Supprimé! F:\Cahiers de vie.lnk
Supprimé! F:\CALENDRIER 2012.lnk
Supprimé! F:\Rentrée.lnk
Supprimé! F:\Piscine.lnk
Supprimé! F:\Comptines.lnk
Supprimé! F:\Images.lnk
Supprimé! F:\fiches de travail.lnk
Supprimé! F:\Chiffres.lnk
Supprimé! F:\trombinoscope.lnk
Supprimé! F:\Cahiers journaux.lnk
Supprimé! F:\Recycler\desktop.ini

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-1621899223-3974254524-1225225801-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKCU\...\Explorer\MountPoints2\{4829afaa-86cb-11e1-a910-6c626d603771}
Supprimé! HKCU\...\Explorer\MountPoints2\{b3938712-21b4-11e2-add5-6c626d603771}
Supprimé! HKCU\...\Explorer\MountPoints2\{bcbc8f26-ce59-11e0-8c66-6c626d603771}

################## | Listing |

[28/05/2011 - 20:55:06 | SHD ] C:\$RECYCLE.BIN
[02/11/2013 - 20:44:12 | D ] C:\AdwCleaner
[26/10/2013 - 12:35:58 | RASHD ] C:\Autorun.inf
[24/07/2009 - 20:22:29 | RASH | 8192] C:\BOOTSECT.BAK
[10/05/2013 - 13:20:46 | D ] C:\components
[26/10/2013 - 08:46:33 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[08/08/2013 - 14:59:42 | D ] C:\ElementalTinkerer
[27/08/2012 - 07:48:12 | D ] C:\emme
[31/10/2013 - 13:13:32 | N | 0] C:\end
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini
[02/11/2013 - 20:37:05 | ASH | 3113545728] C:\hiberfil.sys
[07/05/2011 - 19:13:19 | D ] C:\hp
[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe
[07/11/2007 - 08:00:40 | N | 843] C:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll
[24/10/2010 - 20:53:03 | D ] C:\Intel
[03/09/2011 - 10:44:26 | D ] C:\Kirikou
[24/10/2010 - 22:24:14 | N | 0] C:\OS
[02/11/2013 - 20:37:06 | ASH | 4151394304] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[14/09/2013 - 19:44:36 | D ] C:\Program Files
[02/11/2013 - 20:35:10 | D ] C:\Program Files (x86)
[26/10/2013 - 12:20:03 | HD ] C:\ProgramData
[24/07/2009 - 19:32:39 | SHD ] C:\Recovery
[09/12/2012 - 21:27:17 | D ] C:\swsetup
[01/11/2013 - 23:26:01 | SHD ] C:\System Volume Information
[06/05/2011 - 16:26:47 | D ] C:\SYSTEM.SAV
[04/10/2013 - 12:04:14 | D ] C:\Temp
[02/11/2013 - 21:20:41 | D ] C:\UsbFix
[02/11/2013 - 21:22:27 | A | 9720] C:\UsbFix [Clean 4] BENOIT-HP.txt
[26/10/2013 - 12:46:06 | N | 5489] C:\UsbFix [Listing 1 ] BENOIT-HP.txt
[26/10/2013 - 12:33:34 | N | 10393] C:\UsbFix [Scan 1] BENOIT-HP.txt
[26/10/2013 - 12:39:50 | N | 10539] C:\UsbFix [Scan 2] BENOIT-HP.txt
[08/12/2012 - 16:32:50 | N | 58] C:\user.js
[06/05/2011 - 16:18:02 | RD ] C:\Users
[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI
[22/06/2011 - 08:27:36 | D ] C:\ViaMichelin
[18/09/2013 - 08:32:06 | D ] C:\VoidLauncher
[26/10/2013 - 16:02:36 | D ] C:\Windows
[06/05/2011 - 16:26:53 | SHD ] D:\$RECYCLE.BIN
[26/10/2013 - 12:35:59 | RASHD ] D:\Autorun.inf
[06/05/2011 - 16:17:50 | SHD ] D:\boot
[14/07/2009 - 03:39:00 | ASH | 383562] D:\bootmgr
[06/05/2011 - 16:17:48 | N | 0] D:\BT_HP.FLG
[24/10/2010 - 22:59:14 | N | 494] D:\CSP.DAT
[24/10/2010 - 23:15:55 | N | 22469] D:\DeployRp.log
[06/05/2011 - 16:17:50 | D ] D:\hp
[12/02/2012 - 08:43:12 | N | 20] D:\HPSF_Rep.txt
[06/05/2011 - 16:26:44 | N | 8] D:\HP_WSD.dat
[06/05/2011 - 16:17:37 | N | 44] D:\language.ini
[10/05/2013 - 13:01:58 | N | 448] D:\OS (C) - Raccourci.lnk
[06/05/2011 - 16:17:50 | SHD ] D:\preload
[06/05/2011 - 16:17:50 | SD ] D:\Recovery
[24/10/2010 - 23:15:54 | N | 0] D:\RPCONFIG.LOG
[05/01/2013 - 10:32:03 | SHD ] D:\System Volume Information
[03/09/2013 - 21:13:54 | D ] F:\Maternelle Gustave Doré
[15/09/2013 - 16:03:14 | AH | 4096] F:\._.Trashes
[15/09/2013 - 16:03:14 | SHD ] F:\.Trashes
[15/09/2013 - 16:03:14 | D ] F:\.fseventsd
[15/09/2013 - 16:09:58 | D ] F:\CALENDRIER 2012
[30/09/2013 - 07:44:50 | HD ] F:\recycler
[06/10/2013 - 20:34:04 | D ] F:\Cahiers de vie
[14/10/2013 - 08:04:14 | N | 3465728] F:\Matériel salle 4.doc
[13/10/2013 - 20:45:00 | N | 923174] F:\rimes prénoms.pdf
[13/10/2013 - 17:36:04 | N | 128084480] F:\Matériel salle 4'.doc
[13/10/2013 - 20:57:06 | N | 74283] F:\2013-10-14.pdf
[17/10/2013 - 19:22:52 | D ] F:\Photos piscine
[14/10/2013 - 20:55:30 | N | 356512] F:\Cahier de vie période 1.pdf
[29/09/2013 - 20:39:08 | N | 15618] F:\APC période 1.odt
[12/09/2013 - 19:29:12 | N | 29696] F:\APC_ModEle_courrier_parents (1).doc
[05/09/2013 - 20:54:00 | N | 12255] F:\prénoms MS une lettre par case.ods
[31/08/2013 - 21:11:30 | N | 8574] F:\modèles boites à oeufs.odt
[31/08/2013 - 21:07:28 | N | 9193] F:\modèles boites à oeufs.pdf
[31/08/2013 - 17:44:22 | N | 26060] F:\2013-09-03.odt
[23/08/2013 - 21:34:56 | N | 16204] F:\oeuvres d'art et graphismes.odt
[23/08/2013 - 20:00:22 | N | 676808] F:\Compti1.PDF
[29/09/2013 - 19:52:04 | D ] F:\Rentrée
[29/09/2013 - 16:04:42 | D ] F:\Piscine
[15/09/2013 - 19:50:18 | D ] F:\Comptines
[15/09/2013 - 19:04:20 | D ] F:\Images
[11/09/2013 - 15:31:04 | D ] F:\fiches de travail
[08/09/2013 - 20:52:42 | D ] F:\Chiffres
[03/09/2013 - 21:37:42 | D ] F:\trombinoscope
[02/09/2013 - 19:44:54 | D ] F:\Cahiers journaux
[14/10/2013 - 21:41:08 | N | 73947] F:\2013-10-15.pdf
[30/09/2013 - 18:59:38 | D ] F:\Calendriers
[13/10/2013 - 17:34:44 | N | 3457024] F:\~WRL0002.tmp

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |