Reply to: infected USB key, shortcuts, system 32 2016-09-08T13:14:35+00:00
cece37
Participant
Post count: 4

Here is the removal report!

############################## | UsbFix V 7.149 | [Suppression]

Utilisateur: niemczuk (Administrateur) # NIEMCZUK-PC
Mis à jour le 03/11/2013 par El Desaparecido – Team SosVirus
Lancé à 21:40:33 | 06/11/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Acer (Aspire X1400)
CPU: AMD Athlon(tm) II X2 220 Processor
RAM -> [Total : 4095 | Free : 1596]
Bios: American Megatrends, Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 25.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 458 Go (403 Go libre(s) – 88%) [Acer] # NTFS
D: -> Disque fixe # 458 Go (57 Go libre(s) – 12%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 964 Mo (182 Mo libre(s) – 19%) [HERMINIE] # FAT

################## | Référence de comparaison MD5 |

Md5 : 32bef3bb4b558ade6cf41113628fc86d -> C:\Users\niemczuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : DENIED -> C:\Users\niemczuk\AppData\Local\Temp\iTunesHelper.vbe
Md5 : DENIED -> F:\iTunesHelper.vbe

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 908 |ParentID: 620)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 932 |ParentID: 620)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1336 |ParentID: 620)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1420 |ParentID: 908)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID: 1428 |ParentID: 908)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1632 |ParentID: 620)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1764 |ParentID: 620)
Stoppé! C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (ID: 1828 |ParentID: 620)
Stoppé! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1852 |ParentID: 620)
Stoppé! c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (ID: 1884 |ParentID: 620)
Stoppé! C:\Program Files\Microsoft LifeCam\MSCamS64.exe (ID: 1908 |ParentID: 620)
Stoppé! C:\Windows\system32\rundll32.exe (ID: 1240 |ParentID: 1884)
Stoppé! C:\Windows\system32\rundll32.exe (ID: 1312 |ParentID: 1884)
Stoppé! C:\Windows\SysWOW64\rundll32.exe (ID: 1176 |ParentID: 1240)
Stoppé! C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (ID: 1948 |ParentID: 620)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2276 |ParentID: 620)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 2384 |ParentID: 620)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2456 |ParentID: 620)
Stoppé! C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (ID: 2484 |ParentID: 620)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2536 |ParentID: 620)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2784 |ParentID: 2456)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 3144 |ParentID: 620)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 3568 |ParentID: 620)
Stoppé! C:\Windows\Explorer.EXE (ID: 3688 |ParentID: 3636)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 3140 |ParentID: 488)
Stoppé! C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (ID: 3896 |ParentID: 3688)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3092 |ParentID: 3688)
Stoppé! C:\Windows\WindowsMobile\wmdc.exe (ID: 3880 |ParentID: 3688)
Stoppé! C:\Program Files\Microsoft IntelliType Pro\itype.exe (ID: 148 |ParentID: 3688)
Stoppé! C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (ID: 4028 |ParentID: 3688)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 1508 |ParentID: 3688)
Stoppé! C:\Windows\System32\wscript.exe (ID: 1212 |ParentID: 3688)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 1056 |ParentID: 1420)
Stoppé! C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (ID: 4204 |ParentID: 2732)
Stoppé! C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (ID: 4252 |ParentID: 2732)
Stoppé! C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (ID: 4364 |ParentID: 4180)
Stoppé! C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (ID: 4376 |ParentID: 2732)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4388 |ParentID: 2732)
Stoppé! C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 4396 |ParentID: 2732)
Stoppé! C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ID: 4540 |ParentID: 2732)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 4668 |ParentID: 620)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4188 |ParentID: 620)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 5324 |ParentID: 824)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 4988 |ParentID: 3688)
Stoppé! C:\Windows\system32\taskmgr.exe (ID: 6044 |ParentID: 712)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID: 3300 |ParentID: 3420)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 5668 |ParentID: 4988)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 4336 |ParentID: 5668)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5800 |ParentID: 4336)
Stoppé! C:\Windows\system32\SearchProtocolHost.exe (ID: 5388 |ParentID: 4668)
Stoppé! C:\Windows\system32\SearchFilterHost.exe (ID: 3108 |ParentID: 4668)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLocker\Suite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
04 - HKLM\SOFTWARE | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
04 - HKLM\SOFTWARE | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
04 - HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLocker\Suite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
04 - HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [MDS_Menu] - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1511522708-1983893109-91283177-1001\SOFTWARE | Run : [HP Deskjet 3050A J611 series (NET)] - "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A7430DH05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
04 - HKU\S-1-5-21-1511522708-1983893109-91283177-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1511522708-1983893109-91283177-1001\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\niemczuk\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\niemczuk\AppData\Local\Temp\iTunesHelper.vbe
Supprimé! C:\Users\niemczuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Supprimé! F:\iTunesHelper.vbe
Supprimé! F:\pegre.lnk
Supprimé! F:\tract v pour vendetta2.lnk
Supprimé! F:\c'est la guerre.lnk
Supprimé! F:\quotidien.lnk
Supprimé! F:\affiche v pour vendetta.lnk
Supprimé! F:\CV CEDRIC 1.lnk
Supprimé! F:\antiracisme.lnk
Supprimé! F:\actions_directes_nuc_vol1-A5.lnk
Supprimé! F:\actionsdirectesnucvol2-A5.lnk
Supprimé! F:\DE LA DOTATION EN ORDINATEUR EN MILIEU ETUDIANT.lnk
Supprimé! F:\Nucleaire.lnk
Supprimé! F:\programme projection novembreé2.lnk
Supprimé! F:\PXR_AfficheForum2011V4.lnk
Supprimé! F:\retraite journal.lnk
Supprimé! F:\internationale journal.lnk
Supprimé! F:\Problématique.lnk
Supprimé! F:\.lnk
Supprimé! F:\CV 2011.lnk
Supprimé! F:\fly clément.lnk
Supprimé! F:\Fiche renseignements contrats Pecresse.lnk
Supprimé! F:\FICHE INSCRIPTION PSC1 TP.lnk
Supprimé! F:\bon-de-commande.lnk
Supprimé! F:\Mutuelle Sans Ticket Villejean v02.lnk
Supprimé! F:\Devis Réparation Ecran -QT-1291462- BODIN Cédric.lnk
Supprimé! F:\.Trash-1000.lnk
Supprimé! F:\Apps.lnk
Supprimé! F:\mutuelle maquette.lnk
Supprimé! F:\Cours.lnk
Supprimé! F:\Kit Tri2.lnk
Supprimé! F:\Enquête Vie Numérique des Etudiants.lnk
Supprimé! F:\étude, taf, papiers.lnk
Supprimé! F:\plana4.lnk
Supprimé! F:\antifa.lnk
Supprimé! F:\Entretien K.lnk
Supprimé! F:\tiqqun.lnk
Supprimé! F:\pour G.lnk
Supprimé! F:\texte squat.lnk
Supprimé! F:\tr, bro etc.lnk
Supprimé! F:\CV.lnk

(!) Fichiers temporaires supprimés.

################## | Comparaison MD5 |

################## | Registre |

Supprimé! HKU\S-1-5-21-1511522708-1983893109-91283177-1001\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKU\S-1-5-21-1511522708-1983893109-91283177-1001\Software\...\Mountpoints2\{fa37f83d-07ca-11e1-ab46-f80f4116fd2b}

################## | Listing |

[30/10/2011 - 19:53:14 | SHD ] C:\$RECYCLE.BIN
[10/10/2007 - 09:02:31 | D ] C:\book
[26/08/2010 - 14:05:55 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[16/07/2010 - 01:33:30 | N | 5093] C:\FRZ1LP41.MD5
[06/11/2013 - 20:25:57 | ASH | 3220725760] C:\hiberfil.sys
[16/07/2010 - 01:29:19 | N | 291] C:\LPCD.DAT
[18/01/2012 - 18:55:39 | D ] C:\Micro Application
[18/01/2012 - 18:58:31 | D ] C:\Micro Application - Super point de croix deluxe - Ref 3545 - par NS
[03/09/2011 - 15:15:07 | D ] C:\OEM
[06/11/2013 - 20:26:01 | ASH | 4294303744] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[10/10/2013 - 11:32:19 | D ] C:\Program Files
[06/11/2013 - 20:23:50 | D ] C:\Program Files (x86)
[06/11/2013 - 19:06:04 | HD ] C:\ProgramData
[03/09/2011 - 15:13:33 | SHD ] C:\Recovery
[10/10/2007 - 08:58:43 | N | 2206] C:\RHDSetup.log
[05/11/2013 - 09:51:53 | SHD ] C:\System Volume Information
[06/11/2013 - 21:42:36 | D ] C:\UsbFix
[06/11/2013 - 21:42:37 | A | 13074] C:\UsbFix [Clean 1] NIEMCZUK-PC.txt
[06/11/2013 - 20:57:10 | N | 12850] C:\UsbFix [Scan 1] NIEMCZUK-PC.txt
[25/08/2012 - 10:05:07 | N | 317] C:\user.js
[17/11/2012 - 19:45:51 | RD ] C:\Users
[31/10/2013 - 08:55:53 | D ] C:\Windows
[13/09/2011 - 21:35:58 | SHD ] D:\$RECYCLE.BIN
[17/10/2012 - 22:17:55 | D ] D:\Backup Niemczuk
[22/10/2012 - 11:17:23 | N | 528] D:\MediaID.bin
[27/10/2013 - 19:03:35 | D ] D:\NIEMCZUK-PC
[27/10/2013 - 20:03:10 | SHD ] D:\System Volume Information
[01/04/2012 - 18:39:53 | D ] D:\WindowsImageBackup
[20/03/2011 - 10:06:18 | N | 28472073] F:\pegre.pdf
[21/03/2011 - 14:21:52 | N | 153667] F:\tract v pour vendetta2.pdf
[29/08/2010 - 12:47:20 | N | 50297] F:\c'est la guerre.odt
[03/02/2011 - 17:39:38 | N | 38399] F:\quotidien.odt
[16/05/2011 - 12:09:12 | D ] F:\.Trash-1000
[08/06/2008 - 00:52:22 | D ] F:\Apps
[16/05/2011 - 12:02:10 | D ] F:\texte squat
[21/03/2011 - 14:21:02 | N | 177284] F:\affiche v pour vendetta.pdf
[28/10/2013 - 21:12:40 | N | 525158] F:\plana4.pdf
[20/03/2011 - 10:01:56 | D ] F:\tiqqun
[27/06/2011 - 16:35:10 | N | 24527] F:\CV.odt
[30/06/2011 - 14:29:26 | N | 21504] F:\CV CEDRIC 1.doc
[30/06/2011 - 14:44:00 | N | 249946] F:\antiracisme.2
[21/03/2011 - 17:42:34 | N | 2121761] F:\actions_directes_nuc_vol1-A5.pdf
[21/03/2011 - 17:49:04 | N | 2098384] F:\actionsdirectesnucvol2-A5.pdf
[26/03/2011 - 23:41:50 | N | 193575] F:\DE LA DOTATION EN ORDINATEUR EN MILIEU ETUDIANT.odt
[26/03/2011 - 16:51:48 | N | 198382] F:\DE LA DOTATION EN ORDINATEUR EN MILIEU ETUDIANT.docx
[27/03/2011 - 14:37:12 | N | 920356] F:\Nucleaire.pdf
[07/11/2011 - 23:24:20 | N | 868377] F:\programme projection novembreé2.pdf
[30/10/2011 - 18:10:04 | N | 153137] F:\PXR_AfficheForum2011V4.jpg
[19/10/2013 - 13:31:08 | N | 10360] F:\antifa.docx
[02/11/2013 - 12:22:04 | N | 34907] F:\Entretien K. analyse BD.docx
[04/11/2013 - 11:59:42 | N | 451756] F:\mutuelle maquette.pdf
[06/11/2013 - 16:54:42 | N | 9875] F:\pour G.odt
[06/11/2013 - 18:38:34 | D ] F:\tr, bro etc
[17/05/2009 - 13:23:58 | D ] F:\Cours
[12/01/2011 - 19:43:24 | N | 26750] F:\retraite journal.odt
[25/01/2011 - 11:27:46 | N | 23594] F:\internationale journal.odt
[25/01/2011 - 16:20:10 | D ] F:\Kit Tri2
[26/01/2011 - 12:25:00 | N | 12322] F:\Problématique.odt
[16/02/2011 - 16:42:26 | N | 159] F:\.~lock.squat 4.odt#
[01/03/2011 - 17:58:14 | D ] F:\Enquête Vie Numérique des Etudiants
[07/03/2011 - 10:36:06 | N | 9728] F:\CV 2011.wps
[06/06/2013 - 16:33:42 | N | 231971] F:\fly clément.pdf 3.pdf
[06/06/2013 - 14:57:20 | N | 227752] F:\fly clément.pdf
[06/06/2013 - 15:24:32 | N | 227595] F:\fly clément.pdf 2.pdf
[12/06/2013 - 17:17:12 | N | 46592] F:\Fiche renseignements contrats Pecresse.doc
[14/06/2013 - 09:42:00 | D ] F:\étude, taf, papiers
[20/06/2013 - 12:23:44 | N | 40448] F:\FICHE INSCRIPTION PSC1 TP.doc
[12/09/2013 - 15:22:00 | N | 994396] F:\bon-de-commande.pdf
[25/09/2013 - 10:22:12 | N | 1002143] F:\Mutuelle Sans Ticket Villejean v02.jpg
[02/10/2013 - 15:18:40 | N | 144513] F:\Devis Réparation Ecran -QT-1291462- BODIN Cédric.pdf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |