Reply to: a computer dunce HELP VIRUS on USB stick and PC (?) 2016-09-08T13:17:20+00:00
Elisse
Participant
Post count: 11

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Elise (Administrateur) # ELISE-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 23:32:08 | 12/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: TOSHIBA (NTWAA)
CPU: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
RAM -> [Total : 3958 | Free : 2369]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 195 Go (121 Go libre(s) – 62%) [] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 270 Go (270 Go libre(s) – 100%) [Nouveau nom] # NTFS
F: -> Disque amovible # 2 Go (2 Go libre(s) – 89%) [USB FRED] # FAT
G: -> CD-ROM
H: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [LEXAR] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1300 |ParentID: 632)
Stoppé! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID: 2856 |ParentID: 1576)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3192 |ParentID: 3120)
Stoppé! C:\Windows\explorer.exe (ID: 6076 |ParentID: 656)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 5232 |ParentID: 632)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 916 |ParentID: 792)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 5372 |ParentID: 372)
Stoppé! C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 6016 |ParentID: 632)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 5136 |ParentID: 632)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5684 |ParentID: 632)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3136 |ParentID: 632)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3380 |ParentID: 6076)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3416 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5064 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4592 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3420 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4720 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5160 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5428 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4692 |ParentID: 3380)
Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6132 |ParentID: 3380)
Stoppé! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 5904 |ParentID: 580)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 5520 |ParentID: 632)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3925533832-1425483490-452360100-1000\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
04 - HKU\S-1-5-21-3925533832-1425483490-452360100-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Elise\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |

Supprimé! H:\iTunesHelper.vbe
Supprimé! H:\ANALYSE SEMANTIQUE.lnk
Supprimé! H:\Illustrator.lnk
Supprimé! H:\Autorun.inf.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3925533832-1425483490-452360100-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[21/11/2012 - 16:42:51 | SHD ] C:\$Recycle.Bin
[20/03/2013 - 17:34:31 | D ] C:\364566154b8d295216728a0eb1d0b1
[12/11/2013 - 15:51:59 | D ] C:\AMD
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[12/11/2013 - 23:09:07 | ASH | 3112386560] C:\hiberfil.sys
[17/11/2012 - 00:09:12 | D ] C:\Intel
[12/11/2013 - 23:09:12 | ASH | 4149850112] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[11/09/2013 - 12:45:31 | D ] C:\Program Files
[06/11/2013 - 02:07:08 | D ] C:\Program Files (x86)
[11/09/2013 - 10:29:32 | HD ] C:\ProgramData
[16/11/2012 - 20:06:12 | SHD ] C:\Recovery
[16/05/2013 - 16:18:27 | SHD ] C:\System Volume Information
[12/11/2013 - 23:36:29 | D ] C:\UsbFix
[12/11/2013 - 23:36:35 | A | 11506] C:\UsbFix [Clean 2] ELISE-PC.txt
[12/11/2013 - 23:36:35 | A | 8348] C:\UsbFix [Clean 3] ELISE-PC.txt
[12/11/2013 - 21:41:30 | N | 6443] C:\UsbFix [Listing 1 ] ELISE-PC.txt
[12/11/2013 - 22:50:28 | N | 12724] C:\UsbFix [Scan 1] ELISE-PC.txt
[16/11/2012 - 20:06:23 | RD ] C:\Users
[24/07/2013 - 14:39:23 | D ] C:\Windows
[01/01/1995 - 01:00:00 | R | 44] D:\Track01.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track02.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track03.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track04.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track05.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track06.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track07.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track08.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track09.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track10.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track11.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track12.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track13.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track14.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track15.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track16.cda
[01/01/1995 - 01:00:00 | R | 44] D:\Track17.cda
[16/11/2012 - 22:35:08 | SHD ] E:\$RECYCLE.BIN
[01/12/2006 - 23:37:14 | N | 904704] E:\msdia80.dll
[16/11/2012 - 22:34:20 | SHD ] E:\System Volume Information
[04/11/2013 - 10:40:10 | D ] F:\design Verguet
[12/11/2013 - 15:51:14 | N | 1139498] H:\ANALYSE SEMANTIQUE.pdf
[12/11/2013 - 21:40:58 | SHD ] H:\Autorun.inf
[10/10/2012 - 08:17:28 | N | 799428] H:\Illustrator.pdf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |